Page 6 of 236 results (0.004 seconds)

CVSS: 7.5EPSS: 90%CPEs: 13EXPL: 0

CVE-2018-10548 – php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply

https://notcve.org/view.php?id=CVE-2018-10548

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 07.1.17 y versiones 7.2.x anteriores a la 7.2.5. ext/ldap/ldap.c permite que servidores LDAP remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) debido a la gestión incorrecta del valor de retorno ldap_get_dn. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76248 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-10549 – php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

https://notcve.org/view.php?id=CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. exif_read_data en ext/exif/exif.c tiene una lectura fuera de límites para los datos JPEG manipulados debido a que exif_iif_add_value gestiona de manera incorrecta el caso de un MakerNote que carece de un carácter "\0" final. An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76130 https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/3646-1 https://www.debian.org/security/2018 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 75%CPEs: 11EXPL: 1

CVE-2018-7584 – PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow

https://notcve.org/view.php?id=CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string. En PHP hasta la versión 5.6.33, versiones 7.0.x anteriores a la 7.0.28, versiones 7.1.x hasta la 7.1.14 y versiones 7.2.x hasta la 7.2.2, hay una sublectura de búfer basada en pila al analizar una respuesta HTTP en la función php_stream_url_wrap_http_ex en ext/standard/http_fopen_wrapper.c. Esto resulta en la copia de una cadena larga. PHP version 7.2.2 contains a memory corruption bug while parsing malformed HTTP response packets. • https://www.exploit-db.com/exploits/44846 http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/103204 http://www.securitytracker.com/id/1041607 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=75981 https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://usn.ubuntu.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 4

CVE-2015-9253

https://notcve.org/view.php?id=CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. Se ha descubierto un problema en PHP en versiones 7.3.x anteriores a la 7.3.0alpha3, versiones 7.2.x anteriores a la 7.2.8 y anteriores a la 7.1.20. El proceso maestro php-fpm reinicia un proceso hijo en un bucle infinito cuando se utilizan funciones de ejecución de programas (por ejemplo, passthru, exec, shell_exec o system) con un flujo non-blocking-STDIN y consumir el espacio del disco con un gran volumen de logs de error, tal y como queda demostrado con un ataque a un cliente de una instalación de alojamiento compartido. • https://bugs.php.net/bug.php?id=70185 https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287 https://bugs.php.net/bug.php?id=75968 https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22 https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8 https://usn.ubuntu.com/3766-1 https://usn.ubuntu.com/4279-1 https://www.futureweb.at/security/CVE-2015-9253 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2016-10712

https://notcve.org/view.php?id=CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. En PHP, en versiones anteriores a la 5.5.32, versiones 5.6.x anteriores a la 5.6.18 y versiones 7.x anteriores a la 7.0.3, todos los valores de retorno de stream_get_meta_data pueden controlarse si se puede controlar la entrada (por ejemplo, durante la subida de archivos). Por ejemplo, una llamada "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" gestiona de manera incorrecta el caso en el que $file es data:text/plain;uri=eviluri, -- en otras palabras, un atacante puede establecer metadatos. • https://bugs.php.net/bug.php?id=71323 https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=6297a117d77fa3a0df2e21ca926a92c231819cd5 https://usn.ubuntu.com/3566-2 https://usn.ubuntu.com/3600-1 • CWE-20: Improper Input Validation •