Php

Php

714 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2019-11041

Exploit
  • EPSS 3.33%
  • Veröffentlicht 09.08.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...

7.1

CVE-2019-11042

Exploit
  • EPSS 3.88%
  • Veröffentlicht 09.08.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...

7.5

CVE-2017-7189

  • EPSS 1.59%
  • Veröffentlicht 10.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 03:31:20

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a securi...

9.8

CVE-2019-13224

  • EPSS 0.55%
  • Veröffentlicht 10.07.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:24:29

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair o...

5.3

CVE-2019-11038

Exploit
  • EPSS 10.72%
  • Veröffentlicht 19.06.2019 00:15:12
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause t...

9.1

CVE-2019-11039

Exploit
  • EPSS 1.44%
  • Veröffentlicht 19.06.2019 00:15:12
  • Zuletzt bearbeitet 21.11.2024 04:20:25

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

9.1

CVE-2019-11040

Exploit
  • EPSS 1.24%
  • Veröffentlicht 19.06.2019 00:15:12
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past ...

9.1

CVE-2019-11036

  • EPSS 1.72%
  • Veröffentlicht 03.05.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:24

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

9.1

CVE-2019-11034

  • EPSS 2.74%
  • Veröffentlicht 18.04.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:24

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

9.1

CVE-2019-11035

Exploit
  • EPSS 2.97%
  • Veröffentlicht 18.04.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:20:24

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.