Page 3 of 15 results (0.019 seconds)

CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 1

CVE-2024-1874 – Command injection via array-ish $command parameter of proc_open()

https://notcve.org/view.php?id=CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. En las versiones de PHP 8.1.* anteriores a 8.1.28, 8.2.* anteriores a 8.2.18, 8.3.* anteriores a 8.3.5, cuando se utiliza el comando proc_open() con sintaxis de matriz, debido a un escape insuficiente, si los argumentos del comando ejecutado son controlado por un usuario malintencionado, el usuario puede proporcionar argumentos que ejecutarían comandos arbitrarios en el shell de Windows. • https://github.com/Tgcohce/CVE-2024-1874 http://www.openwall.com/lists/oss-security/2024/04/12/11 http://www.openwall.com/lists/oss-security/2024/06/07/1 https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK https://security.netapp.com/advisor • CWE-116: Improper Encoding or Escaping of Output •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-2757 – PHP mb_encode_mimeheader runs endlessly for some inputs

https://notcve.org/view.php?id=CVE-2024-2757

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. En PHP 8.3.* anterior a 8.3.5, la función mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podría provocar un posible ataque DoS si un usuario hostil envía datos a una aplicación que utiliza esta función. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq https://security.netapp.com/advisory/ntap-20240510-0011 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

https://notcve.org/view.php?id=CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __Secure- cookie por aplicaciones PHP. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0008 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL

https://notcve.org/view.php?id=CVE-2024-3096

In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá verdadero incorrectamente. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0010 • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •