Page 9 of 81 results (0.006 seconds)

CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 0

CVE-2018-10545 – php: Dumpable FPM child processes allow bypassing opcache access controls

https://notcve.org/view.php?id=CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process. Se ha descubierto un problema en PHP en versiones anteriores a la 05/06/1935, versiones 7.0.x anteriores a la 7.0.29, versiones 7.1.x anteriores a la 07/01/2016 y versiones 7.2.x anteriores a la 7.2.4. Los procesos hijo FPM volcables permiten la omisión de los controles de acceso de opcache debido a que fpm_unix.c realiza una llamada prctl PR_SET_DUMPABLE, que permite que un usuario (en un entorno multiusuario) obtenga información sensible de la memoria del proceso de las aplicaciones PHP de un segundo usuario ejecutando gcore en el PID del proceso trabajador PHP-FPM. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104022 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=75605 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/3646-1 https:// • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 1

CVE-2018-10546 – php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service

https://notcve.org/view.php?id=CVE-2018-10546

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. Existe un bucle infinito en ext/iconv/iconv.c debido a que el filtro de transmisiones iconv no rechaza las secuencias multibyte no válidas. An infinite loop vulnerability was found in ext/iconv/iconv.c in PHP due to the iconv stream not rejecting invalid multibyte sequences. • https://github.com/dsfau/CVE-2018-10546 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76249 https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/364 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.1EPSS: 3%CPEs: 13EXPL: 0

CVE-2018-10547 – php: Reflected XSS vulnerability on PHAR 403 and 404 error pages

https://notcve.org/view.php?id=CVE-2018-10547

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. Se ha descubierto un problema en ext/phar/phar_object.c en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. Hay XSS reflejado en las página de error 403 y 404 de PHAR mediante los datos de petición de una petición de un archivo .phar. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76129 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/3646-1 https://usn.ubuntu.com/3646-2 https://www.debian& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 90%CPEs: 13EXPL: 0

CVE-2018-10548 – php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply

https://notcve.org/view.php?id=CVE-2018-10548

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 07.1.17 y versiones 7.2.x anteriores a la 7.2.5. ext/ldap/ldap.c permite que servidores LDAP remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) debido a la gestión incorrecta del valor de retorno ldap_get_dn. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76248 https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2018-10549 – php: Out-of-bounds read in ext/exif/exif.c:exif_read_data() when reading crafted JPEG data

https://notcve.org/view.php?id=CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. Se ha descubierto un problema en PHP en versiones anteriores a la 5.6.36, versiones 7.0.x anteriores a la 7.0.30, versiones 7.1.x anteriores a la 7.1.17 y versiones 7.2.x anteriores a la 7.2.5. exif_read_data en ext/exif/exif.c tiene una lectura fuera de límites para los datos JPEG manipulados debido a que exif_iif_add_value gestiona de manera incorrecta el caso de un MakerNote que carece de un carácter "\0" final. An out-of-bounds read has been found in PHP when function exif_iif_add_value handles the case of a MakerNote that lacks a final terminator character. A remote attacker could use this vulnerability to cause a crash. • http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/104019 http://www.securitytracker.com/id/1040807 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=76130 https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html https://security.gentoo.org/glsa/201812-01 https://security.netapp.com/advisory/ntap-20180607-0003 https://usn.ubuntu.com/3646-1 https://www.debian.org/security/2018 • CWE-125: Out-of-bounds Read •