CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 2CVE-2019-9020 – php: Invalid memory access in function xmlrpc_decode()
https://notcve.org/view.php?id=CVE-2019-9020
22 Feb 2019 — An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.40, versiones 7.x anteriores a la 7.1.26, versiones 7.2.x anteriores a la 7.2.14 y versiones 7.3.x anteriores a la 7.3.1. Las ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 1CVE-2019-9021 – php: Heap-based buffer over-read in PHAR reading functions
https://notcve.org/view.php?id=CVE-2019-9021
22 Feb 2019 — An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.40, versiones 7.x ante... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 7CVE-2019-9023 – php: Heap-based buffer over-read in mbstring regular expression functions
https://notcve.org/view.php?id=CVE-2019-9023
22 Feb 2019 — An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains inval... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20783 – php: Buffer over-read in PHAR reading functions
https://notcve.org/view.php?id=CVE-2018-20783
21 Feb 2019 — In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. En PHP, en versiones anteriores a la 5.6.39, en las versiones 7.x anteriores a la 7.1.25 y en las 7.2.x anteriores a la 7.2.13, una sobrelectura de búfer en las funciones de lectura PHAR podría permitir ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 58%CPEs: 12EXPL: 3CVE-2019-6977 – PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
https://notcve.org/view.php?id=CVE-2019-6977
27 Jan 2019 — gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. gdImageColorMatch in gd_color_match.c en la versión 2.2.5 de GD Graphics Library (también conocido como LibGD), tal y como se utiliza en la función imagecolormat... • https://packetstorm.news/files/id/152459 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 7%CPEs: 6EXPL: 0CVE-2018-19935 – Debian Security Advisory 4353-1
https://notcve.org/view.php?id=CVE-2018-19935
07 Dec 2018 — ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. ext/imap/php_imap.c en PHP 5.x y 7.x anteriores a la 7.3.0 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) mediante una cadena vacía en el argumento del mensaje en la función imap_mail. Multiple secu... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-19520
https://notcve.org/view.php?id=CVE-2018-19520
25 Nov 2018 — An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. Se ha descubierto un problema en la versión 1.6 de SDCMS con PHP 5.x. app/admin/controller/themecontroller.php utiliza una función check_bad para intentar bloquear determinadas funciones PHP,... • https://blog.whiterabbitxyj.com/cve/SDCMS_1.6_code_execution.doc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 93%CPEs: 10EXPL: 8CVE-2018-19518 – PHP imap_open - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-19518
25 Nov 2018 — University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics.... • https://www.exploit-db.com/exploits/45914 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19395
https://notcve.org/view.php?id=CVE-2018-19395
20 Nov 2018 — ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). ext/standard/var.c en PHP 5.x hasta la versión 7.1.24 en Windows permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación)... • http://www.securityfocus.com/bid/105989 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19396
https://notcve.org/view.php?id=CVE-2018-19396
20 Nov 2018 — ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. ext/standard/var_unserializer.c en PHP 5.x hasta la versión 7.1.24 permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante una llamada unserialize para las clases com, dotnet o variant. • http://www.securityfocus.com/bid/105989 • CWE-502: Deserialization of Untrusted Data •