27 matches found
CVE-2019-11043
CVE-2019-11043 affects PHP in FPM configurations where known underflow in env_path_info in fpm_main.c allows writing past buffers, enabling remote code execution. Affected versions are PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, and 7.3.x
CVE-2022-24785
CVE-2022-24785 concerns Moment.js where a path traversal vulnerability could be triggered in npm/server contexts when a user-supplied locale string is directly used to switch locales. Affected versions are Moment.js up to 2.29.1 (inclusive); the issue is patched in 2.29.2. The fixed version shoul...
CVE-2020-7069
CVE-2020-7069 affects PHP AES-CCM encryption: when using openssl_encrypt() with a 12-byte IV, only the first 7 bytes are used in versions 7.2.x < 7.2.34, 7.3.x < 7.3.23, and 7.4.x
CVE-2019-8331
CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...
CVE-2021-21707
CVE-2021-21707 affects PHP 7.3.x < 7.3.33, 7.4.x < 7.4.26, and 8.0.x
CVE-2020-7070
CVE-2020-7070 affects PHP 7.2.x < 7.2.34, 7.3.x < 7.3.23 and 7.4.x
CVE-2021-41182
CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...
CVE-2020-7065
CVE-2020-7065 concerns PHP mb_strtolower() with UTF-32LE encoding. Affects PHP 7.3.x below 7.3.16 and 7.4.x below 7.4.4; invalid strings can cause a stack-allocated buffer overrun, leading to memory corruption, crashes, and potential code execution. Publicly documented fixes appear in PHP 7.3.16+...
CVE-2021-41184
CVE-2021-41184 describes an XSS in jQuery-UI before 1.13.0 where untrusted input passed to the of option of the .position() utility could lead to code execution. The connected documents confirm the issue affects jQuery-UI embedded in other software (e.g., OTRS/IU contexts) and state the fix is to...
CVE-2020-7068
CVE-2020-7068 affects PHP’s phar_parse_zipfile when processing PHAR archives. The flaw allows a use-after-free on freed memory, potentially causing a crash or information disclosure. Affected versions: PHP 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9. Remediation details present ...
CVE-2020-7064
CVE-2020-7064 is a PHP EXIF parsing vulnerability: when exif_read_data() processes EXIF data, malicious input may cause PHP to read one byte of uninitialized memory, enabling information disclosure or a crash. Affected are PHP 7.2.x below 7.2.9, 7.3.x below 7.3.16, and 7.4.x below 7.4.4. The issu...
CVE-2019-11042
CVE-2019-11042 affects PHP’s EXIF extension when parsing EXIF data (exif_read_data) across PHP 7.1.x < 7.1.31, 7.2.x < 7.2.21, and 7.3.x
CVE-2019-11041
CVE-2019-11041 affects PHP EXIF parsing (exif_read_data) and can read past the allocated buffer, enabling information disclosure or crash. Affected PHP versions are 7.1.x < 7.1.31, 7.2.x < 7.2.21, and 7.3.x
CVE-2020-7066
CVE-2020-7066 (PHP) : get_headers() with a user-supplied URL can truncate at a NULL byte, causing target confusion and possible data leakage to a wrong server. Affected: PHP 7.2.x < 7.2.29, 7.3.x < 7.3.16, 7.4.x
CVE-2020-7059
CVE-2020-7059 concerns PHP’s fgetss() reading data with stripped tags, allowing a read past the allocated buffer in PHP versions affected: 7.2.x < 7.2.27, 7.3.x < 7.3.14, and 7.4.x
CVE-2020-7067
CVE-2020-7067 describes an out-of-bounds read in PHP’s urldecode() when PHP is built with EBCDIC support. Affected versions are PHP 7.2.x < 7.2.30, 7.3.x < 7.3.17, and 7.4.x
CVE-2020-7060
CVE-2020-7060: In PHP mbstring mbfl_filt_conv_big5_wchar, crafted data can read past the allocated buffer, causing information disclosure or crash. Affected: PHP 7.2.x < 7.2.27, 7.3.x < 7.3.14, 7.4.x
CVE-2020-7063
The CVE-2020-7063 issue affects PHP 7.2.x < 7.2.28, 7.3.x < 7.3.15, and 7.4.x
CVE-2021-41183
CVE-2021-41183 concerns jQuery-UI’s Datepicker in the embedded jQuery-UI copy used by OTRS (notably in the 1.12.1 series). The vulnerability arises from accepting values for the various *Text options from untrusted sources, which could allow execution of untrusted code. The issue is fixed in jQue...
CVE-2020-7061
CVE-2020-7061 is a PHP issue: when PHP 7.3.x below 7.3.15 and 7.4.x below 7.4.3 extract PHAR files on Windows using the phar extension, one byte could read past the allocated buffer, potentially enabling information disclosure or a crash. Public documentation consistently ties this to PHAR extrac...
CVE-2020-11655
SQLite through 3.31.1 is vulnerable to denial of service via a malformed window-function query caused by improper AggInfo initialization (CVE-2020-11655). Affected is the sqlite3 library used across distributions and apps; exploitation leads to segmentation faults. Remediation in the connected ad...
CVE-2019-19919
CVE-2019-19919 affects the Node.js Handlebars package prior to 4.3.0. Root cause: a prototype pollution flaw that can alter Object.prototype properties, enabling an attacker to execute arbitrary code via crafted payloads (Remote Code Execution). Affected context includes Handlebars usage in serve...
CVE-2019-19645
CVE-2019-19645 affects SQLite. Vulnerable component: alter.c in SQLite up to version 3.30.1. Description: attackers can trigger infinite recursion through certain self-referential views when used with ALTER TABLE statements. Impact stated as infinite recursion, implying potential crash/denial of ...
CVE-2019-19646
SQLite: CVE-2019-19646 affects SQLite 3.30.1 and earlier; pragma.c mishandles NOT NULL in an integrity_check PRAGMA when used with generated columns. This is a generated-column-related NOT NULL handling issue in the integrity_check PRAGMA, per the description. It is high-severity (per CVSS) and m...
CVE-2022-24828
The CVE-2022-24828 entry concerns Composer’s VcsDriver::getFileContent accepting user-controlled $file or $identifier. The root cause is input that can lead to parameter/command injection when interacting with Mercurial or Git drivers, impacting integrations like Packagist.org where readme conten...
CVE-2021-41116
CVE-2021-41116 affects the PHP package manager Composer . The vulnerability allows command injection on Windows when installing untrusted dependencies; other OSes and WSL are not affected. The issue has been fixed in Composer versions 1.10.23 and 2.1.9 ; there are no workarounds reported. This CV...
CVE-2020-5808
Technical details about CVE-2020-5808 are not publicly provided in the supplied connected documents. Monitor for updates from the listed sources (Red Hat, NVD, NSTG/NESSUS plugin) for concrete affected products, versions, and fixes.