CVSS: 10.0EPSS: 1%CPEs: 15EXPL: 1CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation
https://notcve.org/view.php?id=CVE-2022-37454
21 Oct 2022 — The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográfica... • https://csrc.nist.gov/projects/hash-functions/sha-3-project • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 32%CPEs: 8EXPL: 2CVE-2022-31629 – $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31629
28 Sep 2022 — In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP... • https://github.com/silnex/CVE-2022-31629-poc • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-31628 – phar wrapper can occur dos when using quine gzip file
https://notcve.org/view.php?id=CVE-2022-31628
28 Sep 2022 — In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a s... • https://bugs.php.net/bug.php?id=81726 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31627 – Heap buffer overflow in finfo_buffer
https://notcve.org/view.php?id=CVE-2022-31627
25 Jul 2022 — In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. En PHP versiones 8.1.x anteriores a 8.1.8, cuando las funciones fileinfo, como finfo_buffer, debido a un parche incorrecto aplicado al código de terceros de libmagic, puede usarse una función incorrecta para liberar la memoria asignada, lo que puede conllevar a una co... • https://bugs.php.net/bug.php?id=81723 • CWE-590: Free of Memory not on the Heap CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 14%CPEs: 5EXPL: 2CVE-2022-31626 – mysqlnd/pdo password buffer overflow
https://notcve.org/view.php?id=CVE-2022-31626
16 Jun 2022 — In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando la extensión pdo_mysql con el controlador mysqlnd, si es permi... • https://github.com/amitlttwo/CVE-2022-31626 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1CVE-2022-31625 – Freeing unallocated memory in php_pgsql_free_params()
https://notcve.org/view.php?id=CVE-2022-31625
16 Jun 2022 — In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando es usada la extensión de la base de datos Postgres, el suministro de parámetros no válidos a l... • https://bugs.php.net/bug.php?id=81720 • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference CWE-824: Access of Uninitialized Pointer •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-21708 – UAF due to php_filter_float() failing
https://notcve.org/view.php?id=CVE-2021-21708
27 Feb 2022 — In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. En PHP versiones 7.4.x anteriores a 7.4.28, versiones 8.0.x anteriores a 8.0.16 y versiones ... • https://bugs.php.net/bug.php?id=81708 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2017-9118 – php: Out of bounds access in php_pcre.c:php_pcre_replace_impl()
https://notcve.org/view.php?id=CVE-2017-9118
02 Aug 2018 — PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. PHP 7.1.5 tiene un acceso fuera de límites en php_pcre_replace_impl mediante una llamada preg_replace. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities. • https://access.redhat.com/errata/RHSA-2019:2519 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •