CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7189
https://notcve.org/view.php?id=CVE-2017-7189
10 Jul 2019 — main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input. El archivo main/streams/xp_socket.c... • https://bugs.php.net/bug.php?id=74192 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-13224 – oniguruma: Use-after-free in onig_new_deluxe() in regext.c
https://notcve.org/view.php?id=CVE-2019-13224
10 Jul 2019 — A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. Un uso de memoria previamente liberada en la función onig_new_deluxe() e... • https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 10%CPEs: 25EXPL: 5CVE-2019-11038 – Uninitialized read in gdImageCreateFromXbm
https://notcve.org/view.php?id=CVE-2019-11038
18 Jun 2019 — When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. Cuando se usa la función gdImageCreateFromXbm () en la Biblioteca de gráficos GD (también conocida como LibGD) 2.... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-457: Use of Uninitialized Variable CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 1CVE-2019-11039 – Out-of-bounds read in iconv.c
https://notcve.org/view.php?id=CVE-2019-11039
05 Jun 2019 — Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash. La función iconv_mime_decode_headers () en las versiones de PHP 7.1.x por debajo de 7.1.30, 7.2.x por debajo de 7.2.19 y 7.3.x por debajo de 7.3.6 puede realizar una lectura fuera del búfer debido al desbordamiento de enteros al analizar los encabezados MIME. Esto p... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 1CVE-2019-11040 – Heap buffer overflow in EXIF extension
https://notcve.org/view.php?id=CVE-2019-11040
05 Jun 2019 — When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. Cuando la extensión PHP EXIF ??está analizando la información EXIF ??de una imagen, por ejemplo. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 1%CPEs: 19EXPL: 0CVE-2019-11036 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11036
03 May 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a 7.1.29, 7.2.x anteriores a 7.2.18 y 7.3.x anteriores a 7.3.5, puede hacer que se lea el búfer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la revelació... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 9.1EPSS: 4%CPEs: 16EXPL: 1CVE-2019-11035 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11035
18 Apr 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el búfer asignado en la función exif_iif_add_value. Esto puede conducir a la revel... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 4%CPEs: 16EXPL: 0CVE-2019-11034 – Heap over-read in PHP EXIF extension
https://notcve.org/view.php?id=CVE-2019-11034
18 Apr 2019 — When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. Al procesar ciertos archivos, la extensión PHP EXIF en las versiones 7.1.x anteriores a la 7.1.28, 7.2.x anteriores a la 7.2.17 y 7.3.x anteriores a la 7.3.4 puede hacer que se lea el buffer asignado en la función exif_process_IFD_TAG. Esto puede conducir a la ... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2019-9675 – Ubuntu Security Notice USN-3922-3
https://notcve.org/view.php?id=CVE-2019-9675
11 Mar 2019 — An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot happen: "This issue allows theoretical compromise of security, but a practical attack is usually impossible. ** EN DISPUTA ** Se ha detectado un fallo en PHP, en las versiones 7.x anteriores a la 7.1.27 y en las 7.3.x anteriores a ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 11%CPEs: 12EXPL: 0CVE-2019-9637 – php: File rename across filesystems may allow unwanted access during processing
https://notcve.org/view.php?id=CVE-2019-9637
08 Mar 2019 — An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. Se ha detectado un fallo en PHP en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Debido a la manera en la que "rename()" se implementa ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •