534 matches found

OSV
added 2020/02/27 9:15 p.m. · 3 views

UBUNTU-CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

CVSS 5.5 · AI score 6.8 · EPSS 0.01599
Exploits: 1 · References: 4

OSV
added 2020/02/27 9:15 p.m. · 2 views

UBUNTU-CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does...

CVSS 7.5 · AI score 6.7 · EPSS 0.0351
Exploits: 1 · References: 4

AlpineLinux
added 2020/02/27 8:25 p.m. · 36 views

CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does...

CVSS 7.5 · AI score 8.6 · EPSS 0.0351
Exploits: 1

OSV
added 2020/02/10 8:15 a.m. · 2 views

DEBIAN-CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosur...

CVSS 9.1 · AI score 6.9 · EPSS 0.08888
Exploits: 1 · References: 1

Debian CVE
added 2020/02/10 7:45 a.m. · 59 views

CVE-2020-7059

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

CVSS 9.1 · AI score 6.6 · EPSS 0.07402
Exploits: 1

OpenVAS
added 2020/01/23 12:0 a.m. · 60 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1058)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 · AI score 9.3 · EPSS 0.9947
Exploits: 54 · References: 4

Positive Technologies
added 2019/12/26 12:0 a.m. · 7 views

PT-2019-4809 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.26 PHP versions 7.3.x through 7.3.13 PHP versions 7.4.x through 7.4.1 Description: The issue is related to the use of certain mbstring functions for converting multibyte encodings, which can cause the mbfl filt...

CVSS 9.8 · AI score 6.7 · EPSS 0.9947
Exploits: 102 · References: 432

VulnCheck KEV
added 2019/12/24 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2019-11043

In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution...

CVSS 9.8 · AI score 7.2 · EPSS 0.9947
Exploits: 54 · References: 1

OSV
added 2019/12/23 3:15 a.m. · 3 views

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

CVSS 5.3 · AI score 6.7
Exploits: 0 · References: 14

OSV
added 2019/12/23 3:15 a.m. · 3 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

CVSS 5.9 · AI score 6.8
Exploits: 0 · References: 13

Positive Technologies
added 2019/12/21 12:0 a.m. · 4 views

PT-2019-4729 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 Description: The issue is caused by a buffer overflow in the exif read data function of the PHP interpreter. This can allow a remote attacker to disclose...

CVSS 9.8 · AI score 7.8 · EPSS 0.9947
Exploits: 101 · References: 427

RedHat Linux
added 2019/11/06 2:4 p.m. · 4 views

php: underflow in env_path_info in fpm_main.c

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

CVSS 9.8 · AI score 7.7 · EPSS 0.9947
Exploits: 54 · References: 6

RedHat Linux
added 2019/11/01 1:3 p.m. · 4 views

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

CVSS 7.5 · AI score 7.4 · EPSS 0.0712
Exploits: 1 · References: 4

RedHat Linux
added 2019/11/01 1:3 p.m. · 5 views

php: Heap-based buffer over-read in PHAR reading functions

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

CVSS 9.8 · AI score 7.5 · EPSS 0.10059
Exploits: 1 · References: 4

RedHat Linux
added 2019/11/01 1:3 p.m. · 3 views

php: Heap-based buffer over-read in mbstring regular expression functions

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

CVSS 9.8 · AI score 7.5 · EPSS 0.09317
Exploits: 1 · References: 4

RedHat Linux
added 2019/11/01 1:3 p.m. · 3 views

gd: Information disclosure in gdImageCreateFromXbm()

When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

CVSS 5.3 · AI score 7 · EPSS 0.04332
Exploits: 1 · References: 4

RedHat Linux
added 2019/11/01 1:3 p.m. · 5 views

gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c

gdImageColorMatch in gd_color_match.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

CVSS 8.8 · AI score 7.7 · EPSS 0.65116
Exploits: 7 · References: 4

OSV
added 2019/10/28 5:19 p.m. · 4 views

USN-4166-1 php7.0, php7.2, php7.3 vulnerability

It was discovered that PHP incorrectly handled certain paths when being used in FastCGI configurations. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8 · AI score 7.2 · EPSS 0.9947
Exploits: 54 · References: 2

Tenable Nessus
added 2019/09/30 12:0 a.m. · 32 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2019-2089)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below...

CVSS 7.1 · AI score 6.5 · EPSS 0.0442
Exploits: 2 · References: 3

RedHat Linux
added 2019/08/19 8:42 a.m. · 2 views

php: Buffer over-read in exif_read_data()

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...

CVSS 9.1 · AI score 7.3 · EPSS 0.04068
Exploits: 1 · References: 4