EUVD-2019-18407

Malware in sbrugna...

Oracle Linux 7 : php (ELSA-2020-1112)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1112 advisory. - fix underflow in envpathinfo in fpmmain.c CVE-2019-11043 - fix stack-buffer-overflow while parsing HTTP response CVE-2018-7584 - fix out-of-bounds re...

K37681312: PHP vulnerability CVE-2019-9020

Security Advisory Description An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebu...

SUSE CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebuf in...

SUSE CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

php: Invalid memory access in function xmlrpc_decode()

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebuf in...

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1100)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for php7 (openSUSE-SU-2019:1572-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for php5 (openSUSE-SU-2019:1256-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : php5 (openSUSE-2019-1256)

This update for php5 fixes the following issues : Security issues fixed: - CVE-2019-9024: Fixed a vulnerability in xmlrpcdecode function which could allow to a hostile XMLRPC server to cause memory read outside the allocated areas bsc1126821. - CVE-2019-9020: Fixed a heap out of bounds in...

Security update for php5 (moderate)

openSUSE Security Update: Security update for php5 Announcement ID: openSUSE-SU-2019:1256-1 Rating: moderate References: 1126711 1126713 1126821 1126823 1127122 1128722 Cross-References: CVE-2018-20783 CVE-2019-9020 CVE-2019-9021 CVE-2019-9023 CVE-2019-9024 CVE-2019-9641 Affected Products: openSU...

SUSE SLES11 Security Update : php53 (SUSE-SU-2019:14013-1)

This update for php53 fixes the following issues : Security issues fixed : CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension bsc1128892. CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory...

EulerOS Virtualization 2.5.3 : php (EulerOS-SA-2019-1265)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the...

PHP has an unspecified vulnerability (CNVD-2019-42540)

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development, supports a variety of databases and operating systems. A...

Design/Logic Flaw

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpcdecode can lead to an invalid memory access heap out of bounds read or read after free. This is related to xmlelemparsebuf in...

CVE-2019-9020

CVE-2019-9020 affects PHP versions before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. It stems from invalid input to xmlrpc_decode(), enabling a heap out-of-bounds read via xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. The impact is a memory access issue th...

EUVD-2019-18411

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpcdecode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64decodexmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

CVE-2019-9020

Removed by vendor...

CVE-2019-9024

CVE-2019-9024 affects PHP’s xmlrpc_decode() path via base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. A hostile XMLRPC server can cause memory to be read outside allocated areas. Affected: PHP 5.6.x before 5.6.40; PHP 7.x before 7.1.26; 7.2.x before 7.2.14; 7.3.x before 7.3.1. Remediation (...