Page 2 of 224 results (0.013 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. Una vulnerabilidad de uso de la memoria previamente liberada en la función add_post_var en el componente Posthandler en PHP versiones 5.6.x anteriores a 5.6.1, podría permitir a atacantes remotos ejecutar código arbitrario al aprovechar una extensión del filtro de terceros que accede a un determinado valor de ksep. • http://php.net/ChangeLog-5.php https://bugs.php.net/bug.php?id=68088 https://bugzilla.redhat.com/show_bug.cgi?id=1151423 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_MAKERNOTE debido a la mala gestión de maker_note->offset relationship en value_len. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77563 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-125: Out-of-bounds Read CWE-665: Improper Initialization •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_MAKERNOTE debido a la mala gestión de la variable data_len. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77659 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •

CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 2

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_TIFF. • https://github.com/Schnaidr/CVE-2019-9641-php-RCE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://bugs.php.net/bug.php?id=77509 https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html https://security.netapp.com/advisory/ • CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data. Se ha detectado un fallo en PHP en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Debido a la manera en la que "rename()" se implementa en los sistemas de archivos es posible que el archivo que se está renombrado esté brevemente disponible con los permisos incorrectos mientras que dicho proceso siga en curso, habilitando el acceso a los datos a usuarios no autenticados. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77630 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •