CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2016-10712 – Ubuntu Security Notice USN-3566-2
https://notcve.org/view.php?id=CVE-2016-10712
09 Feb 2018 — In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. En PHP, en versiones anteriores a la 5.5.32, versiones 5.6.x anteriores a la 5.6.18 y versiones 7.x anteriores a la 7.0.3, to... • https://bugs.php.net/bug.php?id=71323 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2CVE-2018-5711 – gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c
https://notcve.org/view.php?id=CVE-2018-5711
16 Jan 2018 — gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. gd_gif_in.c en GD Graphics Library (también conocida como libgd), tal y como se emplea en PHP en versiones anteriores a la 5.6.33... • https://github.com/huzhenghui/Test-7-2-0-PHP-CVE-2018-5711 • CWE-681: Incorrect Conversion between Numeric Types CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.1EPSS: 20%CPEs: 9EXPL: 0CVE-2018-5712 – php: Reflected XSS on PHAR 404 page
https://notcve.org/view.php?id=CVE-2018-5712
16 Jan 2018 — An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.33, versiones 7.0.x anteriores a la 7.0.27, versiones 7.1.x anteriores a la 7.1.13 y versiones 7.2.x anteriores a la 7.2.1. Hay XSS reflejado en la página de error PHAR 404 mediante el URI de una petición de un archivo .phar. It was disc... • http://php.net/ChangeLog-5.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2017-16642 – PHP 7.1.8 - Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2017-16642
07 Nov 2017 — In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. En PHP, en versiones anteriores a la 5.6.32, versiones 7.x anteriores a la 7.0.25 y versiones 7.1.x an... • https://www.exploit-db.com/exploits/43133 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12868
https://notcve.org/view.php?id=CVE-2017-12868
01 Sep 2017 — The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation. El método secureCompare en lib/SimpleSAML/Utils/Crypto.php en SimpleSAMLphp 1.14.13 y anteriores, al usarse con PHP en versiones anteriores a la 5.6, permite que los atacantes lleven a cabo ataques de fijación de sesión o que, ... • https://github.com/simplesamlphp/simplesamlphp/commit/4bc629658e7b7d17c9ac3fe0da7dc5df71f1b85e • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 1%CPEs: 29EXPL: 0CVE-2017-12933 – php: buffer over-read in finish_nested_data function
https://notcve.org/view.php?id=CVE-2017-12933
18 Aug 2017 — The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP. La función finish_nested_data en ext/standard/var_unserializer.re en PHP en versiones anteriores a la 5.6.31, versiones 7.0.x anteriores a la 7.0.21 y versiones 7.1.x anteriores a la 7.1.7 es propenso a sufrir un buffer over-rea... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 12%CPEs: 29EXPL: 0CVE-2017-7890 – php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function
https://notcve.org/view.php?id=CVE-2017-7890
02 Aug 2017 — The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. La función de descodificación de GIF "gdImageCreateFromGifCtx " en gd_gif_in.c en GD Graphics Library (también conocido como libgd),que se usa en PHP en vers... • http://php.net/ChangeLog-5.php • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-11628 – php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c
https://notcve.org/view.php?id=CVE-2017-11628
25 Jul 2017 — In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. En PHP, en versiones anteriores a la 5.6.31, versio... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=05255749139b3686c8a6a58ee01131ac0047465e • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2017-11145 – php: wddx_deserialize() heap out-of-bound read via php_parse_date()
https://notcve.org/view.php?id=CVE-2017-11145
10 Jul 2017 — In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. En PHP anterior a versión 5.6.31, versión 7.x anterior a 7.0.21... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e8b7698f5ee757ce2c8bd10a192a491a498f891c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 29EXPL: 0CVE-2017-11144 – php: Incorrect return value check of OpenSSL sealing function leads to crash
https://notcve.org/view.php?id=CVE-2017-11144
10 Jul 2017 — In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. En PHP, en versiones anteriores a la 5.6.31, las versiones 7.x anteriores a la 7.0.21 y las versiones 7.1.x anteriores a la 7.1.7, el código de sellado PEM de la exten... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=73cabfedf519298e1a11192699f44d53c529315e • CWE-253: Incorrect Check of Function Return Value CWE-754: Improper Check for Unusual or Exceptional Conditions •