7 matches found
CVE-2019-11049
CVE-2019-11049 affects PHP 7.3.x with versions below 7.3.13 and PHP 7.4.0 on Windows. The issue arises when supplying custom headers to mail() with the header in lowercase, which can cause double-free of memory locations. There are no exploitation details in the provided documents beyond this des...
CVE-2019-11045
In PHP, DirectoryIterator vulnerability CVE-2019-11045 affects PHP 7.2.x < 7.2.26, 7.3.x
CVE-2019-11050
CVE-2019-11050 concerns the PHP EXIF extension: when parsing EXIF data via exif_read_data(), PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 allow data to read beyond the allocated buffer, leading to potential information disclosure or a crash. Connected advisories confirm the vuln...
CVE-2019-11046
Summary (CVE-2019-11046) : PHP versions affected are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0. The vulnerability is in the bcmath extension where a string containing characters identified as numeric by the OS but not ASCII digits can cause reading beyond allocated space, potentially disc...
CVE-2019-11044
The CVE-2019-11044 issue affects PHP when running on Windows, where the link() function accepts filenames with embedded null bytes and treats them as terminating at that byte. Affected PHP versions are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 on Windows. The underlying cause is null-byte...
CVE-2018-1154
The CVE-2018-1154 issue affects SecurityCenter prior to version 5.7.0, where an unauthenticated attacker could enumerate username aliases by brute-forcing responses, potentially leading to unauthorized access. The issue’s root cause is a username enumeration mechanism; mitigation configured in th...
CVE-2018-1155
Tenable SecurityCenter (pre-5.7.0) is affected by an XSS vulnerability in the Reports feature: an authenticated attacker can inject JavaScript via the image filename parameter due to insufficient input validation. The issue is addressed in versions 5.7.0 and later through updated input validation...