Lucene search
K

9 matches found

Prion
Prion
added 2020/10/02 3:15 p.m.40 views

Information disclosure

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host confused with cookies that decode to such prefix, thus leading to an attacker being...

5CVSS6.2AI score0.05029EPSS
Exploits2References15Affected Software6
Amazon
Amazon
added 2020/05/13 12:0 a.m.101 views

Medium: php73

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

8.8CVSS7.4AI score0.04764EPSS
Exploits4
Debian CVE
Debian CVE
added 2020/02/10 7:45 a.m.59 views

CVE-2020-7059

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

9.1CVSS6.6AI score0.07402EPSS
Exploits1
NVD
NVD
added 2019/12/23 3:15 a.m.18 views

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...

6.5CVSS6.8AI score0.07624EPSS
Exploits1References13
Debian CVE
Debian CVE
added 2019/12/23 2:40 a.m.26 views

CVE-2019-11046

Removed by vendor...

5.3CVSS7.3AI score0.04082EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2019/12/23 2:40 a.m.42 views

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

5.9CVSS7.2AI score0.08818EPSS
Exploits1
Debian CVE
Debian CVE
added 2019/12/23 2:40 a.m.39 views

CVE-2019-11044

Removed by vendor...

7.5CVSS6.4AI score0.05124EPSS
Exploits2
Cvelist
Cvelist
added 2019/06/18 11:28 p.m.35 views

CVE-2019-11039 Out-of-bounds read in iconv.c

Function iconvmimedecodeheaders in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash...

4.2CVSS9.2AI score0.0313EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2008/06/04 12:0 a.m.9 views

PT-2008-3575 · Cisco · Cisco Asa 5500 Series Adaptive Security Appliances +2

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA and Cisco PIX security appliance versions 7.2.x through 7.231 Cisco Adaptive Security Appliance ASA and Cisco PIX security appliance versions 8.0.x through 8.0216 Description: The issue allows remote...

7.8CVSS7AI score0.01671EPSS
Exploits0References7
Rows per page
Query Builder