CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

233 matches found

Tenable Nessus•added 2020/07/30 12:0 a.m.•53 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1821)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function...

9.1CVSS7.4AI score0.93869EPSS

Exploits13References9

RedHat Linux•added 2020/04/28 4:8 p.m.•4 views

php: Heap-based buffer over-read in mbstring regular expression functions

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

9.8CVSS7.5AI score0.10503EPSS

Exploits1References4

Veracode•added 2020/04/10 12:31 a.m.•43 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code...

10CVSS5.6AI score0.29698EPSS

Exploits2References31Affected Software1

Veracode•added 2020/04/10 12:15 a.m.•30 views

Arbitrary Code Execution

php is vulnerable to arbitrary code execution. A flaw was found in the way the mbstring extension set global variables. A script which used the mbparsestr function to set global variables could be forced to enable the registerglobals configuration option, possibly resulting in global variable...

6.8CVSS2.6AI score0.25606EPSS

Exploits1References32Affected Software1

Tenable Nessus•added 2020/03/27 12:0 a.m.•51 views

Fedora 30 : php (2020-ce5a2a7403)

PHP version 7.3.16 19 Mar 2020 Core: - Fixed bug php63206 restoreerrorhandler does not restore previous errors mask. Mark Plomer DOM: - Fixed bug php77569: Write Access Violation in DomImplementation. Nikita, cmb - Fixed bug php79271 DOMDocumentType::$childNodes is NULL. cmb Enchant: - Fixed bug...

8.8CVSS7AI score0.04994EPSS

Exploits3References4

Tenable Nessus•added 2020/03/26 12:0 a.m.•63 views

Fedora 31 : php (2020-0bf228857a)

8.8CVSS7AI score0.04994EPSS

Exploits3References4

Mageia•added 2020/03/06 4:13 p.m.•69 views

Updated php packages fix bugs and security vulnerabilities

Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...

9.1CVSS8.3AI score0.03088EPSS

Exploits3References2

Tenable Nessus•added 2020/02/28 12:0 a.m.•51 views

Amazon Linux AMI : php73 (ALAS-2020-1347)

The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.06404EPSS

Exploits2References5

Tenable Nessus•added 2020/02/28 12:0 a.m.•56 views

Amazon Linux AMI : php72 (ALAS-2020-1346)

The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...

9.1CVSS7.1AI score0.06404EPSS

Exploits2References5

Tenable Nessus•added 2020/02/28 12:0 a.m.•48 views

Fedora 31 : php (2020-32f9a2b308)

PHP version 7.3.15 20 Feb 2020 Core: - Fixed bug php71876 Memory corruption htmlspecialchars: charset ' not supported. Nikita - Fixed bug php79146 cscript can fail to run on some systems. clarodeus - Fixed bug php78323 Code 0 is returned on invalid options. Ivan Mikheykin - Fixed bug php76047...

9.1CVSS7.2AI score0.03088EPSS

Exploits3References4

Amazon•added 2020/02/24 12:0 a.m.•69 views

Medium: php72

Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

9.1CVSS7.5AI score0.06404EPSS

Exploits2

OSV•added 2020/02/10 8:15 a.m.•41 views

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...

9.1CVSS6.3AI score

Exploits0References14

NVD•added 2020/02/10 8:15 a.m.•28 views

CVE-2020-7060

9.1CVSS7.5AI score0.06404EPSS

Exploits1References14

OSV•added 2020/02/10 8:15 a.m.•2 views

DEBIAN-CVE-2020-7060

9.1CVSS6.9AI score0.06404EPSS

Exploits1References1

Prion•added 2020/02/10 8:15 a.m.•30 views

Information disclosure

6.4CVSS8.6AI score0.06404EPSS

Exploits1References14Affected Software5

OSV•added 2020/02/10 8:15 a.m.•0 views

UBUNTU-CVE-2020-7060

9.1CVSS6.7AI score0.06404EPSS

Exploits1References3

UbuntuCve•added 2020/02/10 8:15 a.m.•48 views

CVE-2020-7060

9.1CVSS6.8AI score0.06404EPSS

Exploits1References2

CVE•added 2020/02/10 7:45 a.m.•654 views

CVE-2020-7060

CVE-2020-7060: In PHP mbstring mbfl_filt_conv_big5_wchar, crafted data can read past the allocated buffer, causing information disclosure or crash. Affected: PHP 7.2.x < 7.2.27, 7.3.x < 7.3.14, 7.4.x

9.1CVSS7.6AI score0.06404EPSS

Exploits1References14Affected Software1