Lucene search
K

47 matches found

Tenable Nessus
Tenable Nessus
added 2019/01/31 12:0 a.m.17 views

PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37 or 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's...

7.5CVSS6.9AI score0.08975EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.17 views

PHP 7.1.x < 7.1.6 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.6. It is, therefore, affected by the following vulnerabilities : - A flaw exists in zendhashaddorupdatei within file main/phpini.c when handling a malformed php.ini file. An attacker can exploit thi...

8.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.79 views

PHP 7.1.x < 7.1.7 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.7. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the GD Graphics Library LibGD in the gdImageCreateFromGifCtx function within file gdgifin.c...

9.8CVSS9.7AI score0.07511EPSS
Exploits5References13
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.16 views

PHP 7.1.x < 7.1.15 Stack Buffer Overflow

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.15. It is, therefore, affected by a stack buffer overflow vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

9.8CVSS10AI score0.87606EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.17 views

PHP 7.1.x < 7.1.2 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.2. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...

8.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/01/09 12:0 a.m.50 views

PHP 7.1.x < 7.1.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.1. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that is triggered when handling unserialized object properties. An unauthenticated, remote attacker c...

9.8CVSS9.5AI score0.41943EPSS
Exploits4References9
OSV
OSV
added 2018/08/03 1:29 p.m.23 views

CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because httpheadervalue in ext/standard/httpfopenwrapper.c can be a NULL value that is mishandled in an atoi call...

7.5CVSS6.6AI score
Exploits0References4
AlpineLinux
AlpineLinux
added 2018/08/02 7:0 p.m.44 views

CVE-2018-14851

exifprocessIFDinMAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted JPEG file...

5.5CVSS6.3AI score0.04306EPSS
Exploits0
Prion
Prion
added 2018/03/01 7:29 p.m.38 views

Stack overflow

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

7.5CVSS9.4AI score0.87606EPSS
Exploits3References14Affected Software3
CVE
CVE
added 2018/02/19 7:0 p.m.994 views

CVE-2015-9253

CVE-2015-9253 affects PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and earlier than 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, system) with a non-blocking STDIN stream, causing the m...

6.8CVSS7.7AI score0.04255EPSS
Exploits1References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/12 12:0 a.m.207 views

PHP 7.1.x < 7.1.13 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.13. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

7.5CVSS7.1AI score0.79949EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2017/10/23 12:0 a.m.22 views

openSUSE Security Update : cacti and cacti-spine (openSUSE-2017-1173)

This update for cacti and cacti-spine fixes the following issues : Build version 1.1.26 - issue841: --input-fields variable not working with addgraphs.php cli - issue986: Resolve minor appearance problem on Modern theme - issue989: Resolve issue with data input method commands loosing spaces on...

6.1CVSS7.1AI score0.0107EPSS
Exploits1References2
Hacker One
Hacker One
added 2017/08/18 1:24 p.m.49 views

Internet Bug Bounty: Heap Use After Free in unserialize()

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. This...

5CVSS8.8AI score0.03634EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/08/18 3:29 a.m.27 views

CVE-2017-12932

ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

9.8CVSS7.2AI score0.0742EPSS
Exploits0References2
Prion
Prion
added 2017/08/18 3:29 a.m.22 views

Design/Logic Flaw

ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

7.5CVSS9.6AI score0.0742EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2017/08/18 3:29 a.m.27 views

CVE-2017-12932

ext/standard/varunserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

9.8CVSS6.9AI score
Exploits0References9
UbuntuCve
UbuntuCve
added 2017/08/18 3:29 a.m.27 views

CVE-2017-12934

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

7.5CVSS7.2AI score0.03634EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/08/18 3:0 a.m.47 views

CVE-2017-12934

Removed by vendor...

7.5CVSS8.6AI score0.03634EPSS
Exploits0
CVE
CVE
added 2017/08/18 3:0 a.m.131 views

CVE-2017-12934

PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 are vulnerable to a heap use-after-free in unserializing untrusted data, specifically in ext/standard/var_unserializer.re, tied to the zval_get_type function in Zend/zend_types.h. Exploitation can impact PHP integrity (official CVE description: CVE-2...

7.5CVSS8.5AI score0.03634EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/05/25 12:0 a.m.96 views

PHP 7.1.x < 7.1.5 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.5. It is, therefore, affected by the following vulnerabilities : - A memory allocation issue exists in the zendstringextend function in file Zend/zendstring.h when concatenating strings due to a...

9.8CVSS7.1AI score0.07191EPSS
Exploits2References3
Rows per page
Query Builder