Lucene search
K

7 matches found

CVE
CVE
added 2019/12/23 2:40 a.m.748 views

CVE-2019-11049

CVE-2019-11049 affects PHP 7.3.x with versions below 7.3.13 and PHP 7.4.0 on Windows. The issue arises when supplying custom headers to mail() with the header in lowercase, which can cause double-free of memory locations. There are no exploitation details in the provided documents beyond this des...

9.8CVSS7.8AI score0.04218EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.662 views

CVE-2019-11045

In PHP, DirectoryIterator vulnerability CVE-2019-11045 affects PHP 7.2.x < 7.2.26, 7.3.x

5.9CVSS7AI score0.08818EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.657 views

CVE-2019-11050

CVE-2019-11050 concerns the PHP EXIF extension: when parsing EXIF data via exif_read_data(), PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 allow data to read beyond the allocated buffer, leading to potential information disclosure or a crash. Connected advisories confirm the vuln...

6.5CVSS7.1AI score0.07624EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.513 views

CVE-2019-11046

Summary (CVE-2019-11046) : PHP versions affected are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0. The vulnerability is in the bcmath extension where a string containing characters identified as numeric by the OS but not ASCII digits can cause reading beyond allocated space, potentially disc...

5.3CVSS6.4AI score0.04082EPSS
CVE
CVE
added 2019/12/23 2:40 a.m.461 views

CVE-2019-11044

The CVE-2019-11044 issue affects PHP when running on Windows, where the link() function accepts filenames with embedded null bytes and treats them as terminating at that byte. Affected PHP versions are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 on Windows. The underlying cause is null-byte...

7.5CVSS6.7AI score0.05124EPSS
CVE
CVE
added 2018/08/02 7:0 p.m.55 views

CVE-2018-1154

The CVE-2018-1154 issue affects SecurityCenter prior to version 5.7.0, where an unauthenticated attacker could enumerate username aliases by brute-forcing responses, potentially leading to unauthorized access. The issue’s root cause is a username enumeration mechanism; mitigation configured in th...

8.8CVSS8.5AI score0.00673EPSS
CVE
CVE
added 2018/08/02 7:0 p.m.51 views

CVE-2018-1155

Tenable SecurityCenter (pre-5.7.0) is affected by an XSS vulnerability in the Reports feature: an authenticated attacker can inject JavaScript via the image filename parameter due to insufficient input validation. The issue is addressed in versions 5.7.0 and later through updated input validation...

5.4CVSS5.3AI score0.00569EPSS