CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21702 – Null Dereference in SoapClient
https://notcve.org/view.php?id=CVE-2021-21702
15 Feb 2021 — In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. En PHP versiones 7.3.x por debajo de 7.3.27, 7.4.x por debajo de 7.4.15 y 8.0.x por debajo de 8.0.2, cuando se usa la extensión SOAP para conectarse a un servidor SOAP, un servidor SOAP malicioso podría devolver datos XML malformados como ... • https://bugs.php.net/bug.php?id=80672 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 1CVE-2020-7071 – FILTER_VALIDATE_URL accepts URLs with invalid userinfo
https://notcve.org/view.php?id=CVE-2020-7071
15 Feb 2021 — In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL. En PHP versiones 7.3.x por debajo de 7.3.26, 7.4.x por debajo de 7.4.14 y 8.0.0, cuando se comprueba una URL con funciones como filter_var ($url, FILTER_VALIDATE_URL), PHP aceptará u... • https://bugs.php.net/bug.php?id=77423 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 1CVE-2020-7070 – PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
https://notcve.org/view.php?id=CVE-2020-7070
02 Oct 2020 — In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de ... • http://cve.circl.lu/cve/CVE-2020-8184 • CWE-20: Improper Input Validation CWE-565: Reliance on Cookies without Validation and Integrity Checking •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2020-7069 – Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
https://notcve.org/view.php?id=CVE-2020-7069
02 Oct 2020 — In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando el modo AES-CCM es usado con la función openssl_encrypt() con 12 bytes IV, solo los primeros 7 bytes del IV e... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html • CWE-20: Improper Input Validation CWE-326: Inadequate Encryption Strength •
CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 1CVE-2020-7068 – Use of freed hash key in the phar_parse_zipfile function
https://notcve.org/view.php?id=CVE-2020-7068
09 Sep 2020 — In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. En PHP versiones 7.2.x por debajo de 7.2.33, 7.3.x por debajo de 7.3.21 y 7.4.x por debajo de 7.4.9, mientras se procesan archivos PHAR con la extensión phar, la función phar_parse_zipfile podría ser engañada para que acceda a la memoria liberada, lo que podría co... • https://bugs.php.net/bug.php?id=79797 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2019-11048 – Temporary files are not cleaned after OOM when parsing HTTP request data
https://notcve.org/view.php?id=CVE-2019-11048
20 May 2020 — In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. En PHP versiones 7.2.x por debajo de 7.2.31, v... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00045.html • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-7067 – OOB Read in urldecode()
https://notcve.org/view.php?id=CVE-2020-7067
27 Apr 2020 — In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. En PHP versiones 7.2.x por debajo de 7.2.30, versiones 7.3.x debajo de 7.3.17 y versiones 7.4.x por debajo de 7.4.5, si PHP es compilado con soporte EBCDIC (poco común), la función urldecode() puede ser hecha para acceder a ubicaciones más allá ... • https://bugs.php.net/bug.php?id=79465 • CWE-125: Out-of-bounds Read CWE-196: Unsigned to Signed Conversion Error •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2020-7065 – mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full
https://notcve.org/view.php?id=CVE-2020-7065
27 Mar 2020 — In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. En PHP versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, mientras se usa la función mb_strtolower() con codificación UTF-32LE, determinadas cadenas no comprobadas pueden causar que PHP sobrescriba el búfer asigna... • https://bugs.php.net/bug.php?id=79371 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 1CVE-2020-7066 – get_headers() silently truncates after a null byte
https://notcve.org/view.php?id=CVE-2020-7066
27 Mar 2020 — In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. En las versiones de PHP 7.2.x anterior a la versión 7.2.29, 7.3.x anterior a 7.3.16 y 7.4.x anterior a 7.4.4, mientras usa get_headers () con la URL s... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html • CWE-170: Improper Null Termination CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 1CVE-2020-7064 – Use-of-uninitialized-value in exif
https://notcve.org/view.php?id=CVE-2020-7064
27 Mar 2020 — In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. En PHP versiones 7.2.x por debajo de 7.2.9, versiones 7.3.x por debajo de 7.3.16 y versiones 7.4.x por debajo de 7.4.4, al analizar datos EXIF ??con la función exif_read_data(), es posible que unos datos maliciosos causen que ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •