CVSS: 8.8EPSS: 89%CPEs: 12EXPL: 3CVE-2019-6977 – PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
https://notcve.org/view.php?id=CVE-2019-6977
27 Jan 2019 — gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data. gdImageColorMatch in gd_color_match.c en la versión 2.2.5 de GD Graphics Library (también conocido como LibGD), tal y como se utiliza en la función imagecolormat... • https://packetstorm.news/files/id/152459 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 15%CPEs: 6EXPL: 0CVE-2018-19935 – Debian Security Advisory 4353-1
https://notcve.org/view.php?id=CVE-2018-19935
07 Dec 2018 — ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. ext/imap/php_imap.c en PHP 5.x y 7.x anteriores a la 7.3.0 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) mediante una cadena vacía en el argumento del mensaje en la función imap_mail. Multiple secu... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 2CVE-2018-19520
https://notcve.org/view.php?id=CVE-2018-19520
25 Nov 2018 — An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. Se ha descubierto un problema en la versión 1.6 de SDCMS con PHP 5.x. app/admin/controller/themecontroller.php utiliza una función check_bad para intentar bloquear determinadas funciones PHP,... • https://blog.whiterabbitxyj.com/cve/SDCMS_1.6_code_execution.doc • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 94%CPEs: 10EXPL: 8CVE-2018-19518 – PHP imap_open - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-19518
25 Nov 2018 — University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics.... • https://www.exploit-db.com/exploits/45914 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2018-19395
https://notcve.org/view.php?id=CVE-2018-19395
20 Nov 2018 — ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). ext/standard/var.c en PHP 5.x hasta la versión 7.1.24 en Windows permite que los atacantes provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación)... • http://www.securityfocus.com/bid/105989 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2018-19396
https://notcve.org/view.php?id=CVE-2018-19396
20 Nov 2018 — ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. ext/standard/var_unserializer.c en PHP 5.x hasta la versión 7.1.24 permite que los atacantes provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante una llamada unserialize para las clases com, dotnet o variant. • http://www.securityfocus.com/bid/105989 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 21%CPEs: 7EXPL: 1CVE-2018-17082 – php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request
https://notcve.org/view.php?id=CVE-2018-17082
16 Sep 2018 — The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. El componente Apache2 en PHP en versiones anteriores a la 5.6.38, versiones 7.0.x anteriores a la 7.0.32, versiones 7.1.x anteriores a la 7.1.22 y versiones 7.2.x anteriores a la 7.2.10 permite Cross-Site Scripting (XSS) median... • http://php.net/ChangeLog-5.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 1CVE-2018-15132
https://notcve.org/view.php?id=CVE-2018-15132
07 Aug 2018 — An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. Se ha descubierto un problema en ext/standard/link_win32.c en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la ... • http://php.net/ChangeLog-5.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 49%CPEs: 11EXPL: 1CVE-2018-14883 – Debian Security Advisory 4353-1
https://notcve.org/view.php?id=CVE-2018-14883
03 Aug 2018 — An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la 7.2.8. Un desbordamiento de enteros conduce a una sobrelectura de búfer basada en memoria dinámica (heap) en exif_thu... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14884 – php: Mishandled http_header_value in an atoi() call in http_fopen_wrapper.c
https://notcve.org/view.php?id=CVE-2018-14884
03 Aug 2018 — An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call. Se ha descubierto un problema en PHP en versiones 7.0.x anteriores a la 7.0.27, versiones 7.1.x anteriores a la 7.1.13 y versiones 7.2.x anteriores a la 7.2.1. El análisis inadecuado de una respuesta HTTP conduce a un fallo d... • http://php.net/ChangeLog-7.php • CWE-476: NULL Pointer Dereference CWE-665: Improper Initialization •