CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2757 – PHP mb_encode_mimeheader runs endlessly for some inputs
https://notcve.org/view.php?id=CVE-2024-2757
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. En PHP 8.3.* anterior a 8.3.5, la función mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podría provocar un posible ataque DoS si un usuario hostil envía datos a una aplicación que utiliza esta función. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq https://security.netapp.com/advisory/ntap-20240510-0011 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
https://notcve.org/view.php?id=CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __Secure- cookie por aplicaciones PHP. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0008 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá verdadero incorrectamente. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0010 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 2CVE-2006-7205
https://notcve.org/view.php?id=CVE-2006-7205
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. La función array_fill en ext/standard/array.c de PHP 4.4.2 y 5.1.2 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (consumo de memoria) mediante una valor num largo. • http://securitytracker.com/id?1015979 http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-04-02 http://www.osvdb.org/24945 •
CVSS: 6.8EPSS: 5%CPEs: 59EXPL: 2CVE-2007-2519 – PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2007-2519
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the install element in package.xml 2.0. NOTE: it could be argued that this does not cross privilege boundaries in typical installations, since the code being installed could perform the same actions. Vulnerabilidad de salto de directorio en el instalador en PEAR 1.0 hasat 1.5.3 permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección mediante una secuencia .. (punto punto) en (1) el atributo install-as en el elemento fichero (file) en package.xml 1.0 o (2) el atributo as en el elemento instación (install) en package.xml 2.0. • https://www.exploit-db.com/exploits/30074 http://osvdb.org/42108 http://pear.php.net/advisory-20070507.txt http://pear.php.net/news/vulnerability2.php http://secunia.com/advisories/25372 http://www.mandriva.com/security/advisories?name=MDKSA-2007:110 http://www.securityfocus.com/bid/24111 http://www.ubuntu.com/usn/usn-462-1 http://www.vupen.com/english/advisories/2007/1926 https://exchange.xforce.ibmcloud.com/vulnerabilities/34482 •