Lucene search
K

27 matches found

CVE
CVE
added 2019/10/28 2:19 p.m.4738 views

CVE-2019-11043

CVE-2019-11043 affects PHP in FPM configurations where known underflow in env_path_info in fpm_main.c allows writing past buffers, enabling remote code execution. Affected versions are PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, and 7.3.x

9.8CVSS9.6AI score0.9947EPSS
In wildWeb
CVE
CVE
added 2022/04/04 12:0 a.m.1813 views

CVE-2022-24785

CVE-2022-24785 concerns Moment.js where a path traversal vulnerability could be triggered in npm/server contexts when a user-supplied locale string is directly used to switch locales. Affected versions are Moment.js up to 2.29.1 (inclusive); the issue is patched in 2.29.2. The fixed version shoul...

7.5CVSS8AI score0.05664EPSS
In wild
CVE
CVE
added 2020/10/02 2:14 p.m.1685 views

CVE-2020-7069

CVE-2020-7069 affects PHP AES-CCM encryption: when using openssl_encrypt() with a 12-byte IV, only the first 7 bytes are used in versions 7.2.x < 7.2.34, 7.3.x < 7.3.23, and 7.4.x

6.5CVSS6.2AI score0.02055EPSS
CVE
CVE
added 2019/02/20 4:0 p.m.1556 views

CVE-2019-8331

CVE-2019-8331 affects Bootstrap: XSS in tooltip/popover data-template attribute observed in Bootstrap 3.4.1 and 4.3.x before 4.3.1. The underlying issue is an input that can inject script into a client browser when the vulnerable template is rendered. Affected versions include Bootstrap 3.x prior...

6.1CVSS5.8AI score0.1686EPSS
CVE
CVE
added 2021/11/29 6:25 a.m.1461 views

CVE-2021-21707

CVE-2021-21707 affects PHP 7.3.x < 7.3.33, 7.4.x < 7.4.26, and 8.0.x

5.3CVSS6.9AI score0.25951EPSS
CVE
CVE
added 2020/10/02 2:14 p.m.1283 views

CVE-2020-7070

CVE-2020-7070 affects PHP 7.2.x < 7.2.34, 7.3.x < 7.3.23 and 7.4.x

5.3CVSS6.5AI score0.05029EPSS
CVE
CVE
added 2021/10/26 12:0 a.m.1090 views

CVE-2021-41182

CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...

6.5CVSS6.4AI score0.42229EPSS
CVE
CVE
added 2020/04/01 3:35 a.m.1029 views

CVE-2020-7065

CVE-2020-7065 concerns PHP mb_strtolower() with UTF-32LE encoding. Affects PHP 7.3.x below 7.3.16 and 7.4.x below 7.4.4; invalid strings can cause a stack-allocated buffer overrun, leading to memory corruption, crashes, and potential code execution. Publicly documented fixes appear in PHP 7.3.16+...

8.8CVSS8.2AI score0.04764EPSS
In wild
CVE
CVE
added 2021/10/26 12:0 a.m.913 views

CVE-2021-41184

CVE-2021-41184 describes an XSS in jQuery-UI before 1.13.0 where untrusted input passed to the of option of the .position() utility could lead to code execution. The connected documents confirm the issue affects jQuery-UI embedded in other software (e.g., OTRS/IU contexts) and state the fix is to...

6.5CVSS6.5AI score0.44515EPSS
Web
CVE
CVE
added 2020/09/09 5:58 p.m.910 views

CVE-2020-7068

CVE-2020-7068 affects PHP’s phar_parse_zipfile when processing PHAR archives. The flaw allows a use-after-free on freed memory, potentially causing a crash or information disclosure. Affected versions: PHP 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9. Remediation details present ...

4.8CVSS4.9AI score0.01661EPSS
CVE
CVE
added 2020/04/01 3:35 a.m.891 views

CVE-2020-7064

CVE-2020-7064 is a PHP EXIF parsing vulnerability: when exif_read_data() processes EXIF data, malicious input may cause PHP to read one byte of uninitialized memory, enabling information disclosure or a crash. Affected are PHP 7.2.x below 7.2.9, 7.3.x below 7.3.16, and 7.4.x below 7.4.4. The issu...

6.5CVSS6.8AI score0.04295EPSS
In wild
CVE
CVE
added 2019/08/09 7:26 p.m.768 views

CVE-2019-11042

CVE-2019-11042 affects PHP’s EXIF extension when parsing EXIF data (exif_read_data) across PHP 7.1.x < 7.1.31, 7.2.x < 7.2.21, and 7.3.x

7.1CVSS7.2AI score0.0442EPSS
CVE
CVE
added 2019/08/09 7:26 p.m.754 views

CVE-2019-11041

CVE-2019-11041 affects PHP EXIF parsing (exif_read_data) and can read past the allocated buffer, enabling information disclosure or crash. Affected PHP versions are 7.1.x < 7.1.31, 7.2.x < 7.2.21, and 7.3.x

7.1CVSS7.2AI score0.0442EPSS
CVE
CVE
added 2020/04/01 3:35 a.m.748 views

CVE-2020-7066

CVE-2020-7066 (PHP) : get_headers() with a user-supplied URL can truncate at a NULL byte, causing target confusion and possible data leakage to a wrong server. Affected: PHP 7.2.x < 7.2.29, 7.3.x < 7.3.16, 7.4.x

5.3CVSS6.5AI score0.02767EPSS
CVE
CVE
added 2020/02/10 7:45 a.m.713 views

CVE-2020-7059

CVE-2020-7059 concerns PHP’s fgetss() reading data with stripped tags, allowing a read past the allocated buffer in PHP versions affected: 7.2.x < 7.2.27, 7.3.x < 7.3.14, and 7.4.x

9.1CVSS7.6AI score0.07116EPSS
CVE
CVE
added 2020/04/27 8:38 p.m.683 views

CVE-2020-7067

CVE-2020-7067 describes an out-of-bounds read in PHP’s urldecode() when PHP is built with EBCDIC support. Affected versions are PHP 7.2.x < 7.2.30, 7.3.x < 7.3.17, and 7.4.x

7.5CVSS7.5AI score0.04311EPSS
In wild
CVE
CVE
added 2020/02/10 7:45 a.m.677 views

CVE-2020-7060

CVE-2020-7060: In PHP mbstring mbfl_filt_conv_big5_wchar, crafted data can read past the allocated buffer, causing information disclosure or crash. Affected: PHP 7.2.x < 7.2.27, 7.3.x < 7.3.14, 7.4.x

9.1CVSS7.6AI score0.08888EPSS
CVE
CVE
added 2020/02/27 8:25 p.m.647 views

CVE-2020-7063

The CVE-2020-7063 issue affects PHP 7.2.x < 7.2.28, 7.3.x < 7.3.15, and 7.4.x

5.5CVSS7.3AI score0.01599EPSS
CVE
CVE
added 2021/10/26 12:0 a.m.609 views

CVE-2021-41183

CVE-2021-41183 concerns jQuery-UI’s Datepicker in the embedded jQuery-UI copy used by OTRS (notably in the 1.12.1 series). The vulnerability arises from accepting values for the various *Text options from untrusted sources, which could allow execution of untrusted code. The issue is fixed in jQue...

6.5CVSS6.5AI score0.07948EPSS
CVE
CVE
added 2020/02/27 8:25 p.m.531 views

CVE-2020-7061

CVE-2020-7061 is a PHP issue: when PHP 7.3.x below 7.3.15 and 7.4.x below 7.4.3 extract PHAR files on Windows using the phar extension, one byte could read past the allocated buffer, potentially enabling information disclosure or a crash. Public documentation consistently ties this to PHAR extrac...

9.1CVSS7.4AI score0.03976EPSS
CVE
CVE
added 2020/04/09 2:49 a.m.510 views

CVE-2020-11655

SQLite through 3.31.1 is vulnerable to denial of service via a malformed window-function query caused by improper AggInfo initialization (CVE-2020-11655). Affected is the sqlite3 library used across distributions and apps; exploitation leads to segmentation faults. Remediation in the connected ad...

7.5CVSS7.9AI score0.04223EPSS
CVE
CVE
added 2019/12/20 10:50 p.m.347 views

CVE-2019-19919

CVE-2019-19919 affects the Node.js Handlebars package prior to 4.3.0. Root cause: a prototype pollution flaw that can alter Object.prototype properties, enabling an attacker to execute arbitrary code via crafted payloads (Remote Code Execution). Affected context includes Handlebars usage in serve...

9.8CVSS9.6AI score0.07066EPSS
CVE
CVE
added 2019/12/09 3:15 p.m.222 views

CVE-2019-19645

CVE-2019-19645 affects SQLite. Vulnerable component: alter.c in SQLite up to version 3.30.1. Description: attackers can trigger infinite recursion through certain self-referential views when used with ALTER TABLE statements. Impact stated as infinite recursion, implying potential crash/denial of ...

5.5CVSS7AI score0.00566EPSS
CVE
CVE
added 2019/12/09 6:36 p.m.219 views

CVE-2019-19646

SQLite: CVE-2019-19646 affects SQLite 3.30.1 and earlier; pragma.c mishandles NOT NULL in an integrity_check PRAGMA when used with generated columns. This is a generated-column-related NOT NULL handling issue in the integrity_check PRAGMA, per the description. It is high-severity (per CVSS) and m...

9.8CVSS9.3AI score0.05231EPSS
CVE
CVE
added 2022/04/13 9:0 p.m.179 views

CVE-2022-24828

The CVE-2022-24828 entry concerns Composer’s VcsDriver::getFileContent accepting user-controlled $file or $identifier. The root cause is input that can lead to parameter/command injection when interacting with Mercurial or Git drivers, impacting integrations like Packagist.org where readme conten...

8.8CVSS8.7AI score0.01857EPSS
CVE
CVE
added 2021/10/05 5:40 p.m.137 views

CVE-2021-41116

CVE-2021-41116 affects the PHP package manager Composer . The vulnerability allows command injection on Windows when installing untrusted dependencies; other OSes and WSL are not affected. The issue has been fixed in Composer versions 1.10.23 and 2.1.9 ; there are no workarounds reported. This CV...

9.8CVSS9.2AI score0.02904EPSS
CVE
CVE
added 2020/12/21 5:45 p.m.64 views

CVE-2020-5808

Technical details about CVE-2020-5808 are not publicly provided in the supplied connected documents. Monitor for updates from the listed sources (Red Hat, NVD, NSTG/NESSUS plugin) for concrete affected products, versions, and fixes.

7.5CVSS7.4AI score0.01098EPSS