CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-15132
https://notcve.org/view.php?id=CVE-2018-15132
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. Se ha descubierto un problema en ext/standard/link_win32.c en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la 7.2.8. La función linkinfo en Windows no implementa la comprobación open_basedir. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php https://bugs.php.net/bug.php?id=76459 https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4 https://security.netapp.com/advisory/ntap-20181107-0003 https://www.tenable.com/security/tns-2018-12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2018-14883
https://notcve.org/view.php?id=CVE-2018-14883
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la 7.2.8. Un desbordamiento de enteros conduce a una sobrelectura de búfer basada en memoria dinámica (heap) en exif_thumbnail_extract en exif.c. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104871 https://bugs.php.net/bug.php?id=76423 https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html https://security.netapp.com/advisory/ntap-20181107-0003 https://usn.ubuntu.com/3766-1 https://usn.ubuntu.com/3766-2 https://www.debian.org/security/2018/dsa-4353 https://www.tenable.com/security/tns-2018-12 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2018-14851 – php: exif: Buffer over-read in exif_process_IFD_in_MAKERNOTE()
https://notcve.org/view.php?id=CVE-2018-14851
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. exif_process_IFD_in_MAKERNOTE en ext/exif/exif.c en PHP en versiones anteriores a la 5.6.37, versiones 7.0.x anteriores a la 7.0.31, versiones 7.1.x anteriores a la 7.1.20 y versiones 7.2.x anteriores a la 7.2.8 permite que atacantes remotos provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un archivo JPEG manipulado. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104871 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76557 https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html https://security.netapp.com/advisory/ntap-20181107-0003 https://usn.ubuntu.com/3766-1 https://usn.ubuntu.com/3766-2 https://www.debian.org/security/2018/dsa-4353 https://www.tenable.com/security/tns- • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0CVE-2018-10545 – php: Dumpable FPM child processes allow bypassing opcache access controls
https://notcve.org/view.php?id=CVE-2018-10545
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. Se ha descubierto un problema en PHP en versiones anteriores a la 05/06/1935, versiones 7.0.x anteriores a la 7.0.29, versiones 7.1.x anteriores a la 07/01/2016 y versiones 7.2.x anteriores a la 7.2.4. Los procesos hijo FPM volcables permiten la omisión de los controles de acceso de opcache debido a que fpm_unix.c realiza una llamada prctl PR_SET_DUMPABLE, que permite que un usuario (en un entorno multiusuario) obtenga información sensible de la memoria del proceso de las aplicaciones PHP de un segundo usuario ejecutando gcore en el PID del proceso trabajador PHP-FPM. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104022 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=75605 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/3646-1 https:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 1CVE-2018-10546 – php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service
https://notcve.org/view.php?id=CVE-2018-10546
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. Existe un bucle infinito en ext/iconv/iconv.c debido a que el filtro de transmisiones iconv no rechaza las secuencias multibyte no válidas. An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. • https://github.com/dsfau/CVE-2018-10546 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76249 https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/364 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •