Lucene search
K

74 matches found

CVE
CVE
added 2019/03/11 7:0 a.m.404 views

CVE-2019-9675

CVE-2019-9675 affects PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. The issue is a buffer overflow in phar_tar_writeheaders_int (ext/phar/tar.c) triggered by a long link value; vendor notes the link value is only used if an archive contains a symlink, which currently cannot happen, making a pract...

8.1CVSS8.6AI score0.06021EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2019/03/11 7:0 a.m.25 views

CVE-2019-9675

An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phartarwriteheadersint in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...

8.7AI score0.06021EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2019/03/11 7:0 a.m.31 views

CVE-2019-9675

Removed by vendor...

8.1CVSS8.9AI score0.06021EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/03/11 12:0 a.m.23 views

CVE-2019-9675

An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phartarwriteheadersint in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue...

8.1CVSS7.1AI score0.06021EPSS
Exploits0References5
NVD
NVD
added 2019/02/22 11:29 p.m.19 views

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

7.5CVSS8.2AI score0.04188EPSS
Exploits1References12
CVE
CVE
added 2019/02/22 11:0 p.m.601 views

CVE-2019-9022

CVE-2019-9022 affects PHP 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.2. dns_get_record may misparse a DNS response, enabling a hostile DNS server to cause memcpy misuse and read past the buffer allocated for DNS data in php_parserr (ext/standard/dns.c) for DNS_CAA and DNS_...

7.5CVSS8.3AI score0.04188EPSS
Exploits1References12Affected Software1
Debian CVE
Debian CVE
added 2019/02/22 11:0 p.m.30 views

CVE-2019-9022

Removed by vendor...

7.5CVSS8.7AI score0.04188EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2019/02/22 12:0 a.m.22 views

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

7.5CVSS7AI score0.04188EPSS
Exploits1References4
Prion
Prion
added 2019/01/27 2:29 a.m.36 views

Heap overflow

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

6.8CVSS9AI score0.65116EPSS
Exploits7References19Affected Software4
CVE
CVE
added 2018/08/03 1:0 p.m.192 views

CVE-2018-14884

CVE-2018-14884 affects PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. The issue is caused by inappropriately parsing an HTTP response: http_header_value in ext/standard/http_fopen_wrapper.c can be NULL and mishandled in an atoi call, leading to a segmentation fault. Affecte...

7.5CVSS7.3AI score0.03185EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2018/08/03 1:0 p.m.24 views

CVE-2018-14884

Removed by vendor...

7.5CVSS7.7AI score0.03185EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2018/08/02 3:29 p.m.42 views

CVE-2017-9120

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a long string because of an Integer overflow in mysqlirealescapestring...

9.8CVSS6.9AI score0.07562EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2018/08/02 12:0 a.m.87 views

CVE-2017-9120

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a long string because of an Integer overflow in mysqlirealescapestring. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

9.8CVSS6.6AI score0.07562EPSS
In wildExploits1References4
Amazon
Amazon
added 2018/04/05 12:0 a.m.53 views

Medium: php70, php56

Issue Overview: Stack-based buffer under-read in ext/standard/httpfopenwrapper.c:phpstreamurlwraphttpex function when parsing HTTP response allows denial of service In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read...

9.8CVSS9AI score0.87606EPSS
Exploits3
OSV
OSV
added 2017/11/07 9:29 p.m.48 views

CVE-2017-16642

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelibmeridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c...

7.5CVSS6.2AI score
Exploits0References13
Debian CVE
Debian CVE
added 2017/07/17 6:0 a.m.42 views

CVE-2017-11362

Removed by vendor...

9.8CVSS8.6AI score0.0291EPSS
Exploits0
Cvelist
Cvelist
added 2017/07/10 2:0 p.m.39 views

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...

8.3AI score0.01908EPSS
Exploits0References7
Amazon
Amazon
added 2017/01/26 12:0 a.m.63 views

Medium: php70

Issue Overview: The SplObjectStorage unserialize implementation in ext/spl/splobserver.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service uninitialized memory access via crafted serialized data...

9.8CVSS10AI score0.46801EPSS
Exploits8
OSV
OSV
added 2017/01/04 8:59 p.m.59 views

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

9.8CVSS7.9AI score
Exploits0References7
Cvelist
Cvelist
added 2017/01/04 8:0 p.m.46 views

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...

8.8AI score0.04303EPSS
Exploits2References7
Rows per page
Query Builder