CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11234 – Configuring a proxy in a stream context might allow for CRLF injection in URIs
https://notcve.org/view.php?id=CVE-2024-11234
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. A flaw was found in PHP. In affected versions of PHP, when using streams with configured prox... • https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11236 – Integer overflow in the firebird and dblib quoters causing OOB writes
https://notcve.org/view.php?id=CVE-2024-11236
24 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. This update for php8 fixes the following issues. Single byte overr... • https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv • CWE-787: Out-of-bounds Write •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8929 – Leak partial content of the heap through heap buffer over-read in mysqlnd
https://notcve.org/view.php?id=CVE-2024-8929
22 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server. A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malici... • https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8932 – OOB access in ldap_escape
https://notcve.org/view.php?id=CVE-2024-8932
22 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, PHP) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line with best practice... • https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 4%CPEs: 3EXPL: 0CVE-2024-8926 – PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
https://notcve.org/view.php?id=CVE-2024-8926
03 Oct 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. In PHP... • https://github.com/advisories/GHSA-vxpp-6299-mxw3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8925 – Erroneous parsing of multipart form data
https://notcve.org/view.php?id=CVE-2024-8925
30 Sep 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead ... • https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8927 – cgi.force_redirect configuration is bypassable due to the environment variable collision
https://notcve.org/view.php?id=CVE-2024-8927
30 Sep 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. A flaw was found in PHP. The configuration directive `cgi... • https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9026 – PHP-FPM logs from children may be altered
https://notcve.org/view.php?id=CVE-2024-9026
30 Sep 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. A flaw was found in PHP-FPM, the FastCGI Process Manager. T... • https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5 • CWE-117: Improper Output Neutralization for Logs CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 9.7EPSS: 54%CPEs: 3EXPL: 1CVE-2024-1874 – Command injection via array-ish $command parameter of proc_open()
https://notcve.org/view.php?id=CVE-2024-1874
29 Apr 2024 — In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. En las versiones de PHP 8.1.* anteriores a 8.1.28, 8.2.* anteriores a 8.2.18, 8.3.* anteriores a 8.3.5, cuando se utiliza el comando proc_open() con sintaxis de matriz, debido a un escape ins... • https://github.com/Tgcohce/CVE-2024-1874 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2757 – PHP mb_encode_mimeheader runs endlessly for some inputs
https://notcve.org/view.php?id=CVE-2024-2757
29 Apr 2024 — In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. En PHP 8.3.* anterior a 8.3.5, la función mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podría provocar un posible ataque DoS... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-400: Uncontrolled Resource Consumption •