CVSS: 5.8EPSS: %CPEs: 3EXPL: 0CVE-2024-8929 – Leak partial content of the heap through heap buffer over-read in mysqlnd
https://notcve.org/view.php?id=CVE-2024-8929
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server. • https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: %CPEs: 3EXPL: 0CVE-2024-8932 – OOB access in ldap_escape
https://notcve.org/view.php?id=CVE-2024-8932
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. • https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8926 – PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
https://notcve.org/view.php?id=CVE-2024-8926
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. • https://github.com/advisories/GHSA-vxpp-6299-mxw3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9026 – PHP-FPM logs from children may be altered
https://notcve.org/view.php?id=CVE-2024-9026
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. • https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5 • CWE-117: Improper Output Neutralization for Logs CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 3.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8925 – Erroneous parsing of multipart form data
https://notcve.org/view.php?id=CVE-2024-8925
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. • https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 •