Page 2 of 428 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. PHP5 versiones anteriores a la versión 5.4.4, permite pasar cadenas utf-8 no válidas por medio de la función xmlTextWriterWriteAttribute, que libxml2 analiza incorrectamente. Esto resulta en una pérdida de memoria en la salida resultante. • https://access.redhat.com/security/cve/cve-2010-4657 https://bugs.launchpad.net/php/%2Bbug/655442 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4657 https://security-tracker.debian.org/tracker/CVE-2010-4657 • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. La fórmula de forma plural en la familia de llamadas ngettext en php-gettext versiones anteriores a la versión 1.0.12, permite a atacantes remotos ejecutar código arbitrario. • http://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html http://seclists.org/fulldisclosure/2016/Aug/76 http://www.openwall.com/lists/oss-security/2017/01/18/4 http://www.securityfocus.com/bid/95754 https://bugzilla.redhat.com/show_bug.cgi?id=1367462 https://launchpad.net/php-gettext/trunk/1.0.12 https://lwn.net/Alerts/708838 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_MAKERNOTE debido a la mala gestión de maker_note->offset relationship en value_len. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77563 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-125: Out-of-bounds Read CWE-665: Improper Initialization •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_MAKERNOTE debido a la mala gestión de la variable data_len. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77659 https://lists.debian.org/debian-lts-announce/2019/03/msg0 • CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •

CVSS: 9.8EPSS: 3%CPEs: 14EXPL: 2

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. Se ha detectado un fallo en el componente EXIF en PHP, en versiones anteriores a la 7.1.27, en las 7.2.x anteriores a la 7.2.16 y en las 7.3.x anteriores a la 7.3.3. Hay una lectura no inicializada en exif_process_IFD_in_TIFF. • https://github.com/Schnaidr/CVE-2019-9641-php-RCE http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html https://bugs.php.net/bug.php?id=77509 https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html https://security.netapp.com/advisory/ • CWE-908: Use of Uninitialized Resource •