Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for SecurityCenter by Tenable

    CVE-2023-2005 (GCVE-0-2023-2005)

    Vulnerability from nvd – Published: 2023-06-26 17:39 – Updated: 2024-12-03 18:44
    VLAI
    Title
    Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
    Summary
    Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Tenable.io Affected: 0 , < Plugin Feed ID #202306261202 (Plugin Feed ID #202306261202 )
    Create a notification for this product.
    Tenable Nessus Affected: 0 , < Plugin Feed ID #202306261202 (Plugin Feed ID #202306261202 )
    Create a notification for this product.
    Tenable Security Center Affected: 0 , < Plugin Feed ID #202306261202 (Plugin Feed ID #202306261202 )
    Create a notification for this product.
    Date Public
    2023-06-26 20:00
    Credits
    Patrick Romero - CrowdStrike
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:05:27.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2023-21"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T18:42:42.640706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T18:44:10.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tenable.io",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "Plugin Feed ID #202306261202 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Plugin Feed ID #202306261202 "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Nessus",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "Plugin Feed ID #202306261202 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Plugin Feed ID #202306261202 "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "Plugin Feed ID #202306261202 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Plugin Feed ID #202306261202 "
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Patrick Romero - CrowdStrike"
            }
          ],
          "datePublic": "2023-06-26T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.\u003cp\u003eThis issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\u003c/p\u003eThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\n\nThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T17:39:56.554Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2023-21"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n\n"
            }
          ],
          "source": {
            "advisory": "TNS-2023-21",
            "discovery": "EXTERNAL"
          },
          "title": "Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2023-2005",
        "datePublished": "2023-06-26T17:39:56.554Z",
        "dateReserved": "2023-04-12T15:39:04.752Z",
        "dateUpdated": "2024-12-03T18:44:10.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11050 (GCVE-0-2019-11050)

    Vulnerability from nvd – Published: 2019-12-23 02:40 – Updated: 2024-09-16 18:33
    VLAI
    Title
    Use-after-free in exif parsing under memory sanitizer
    Summary
    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
    CWE
    Assigner
    php
    References
    URL Tags
    https://bugs.php.net/bug.php?id=78793 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://security.netapp.com/advisory/ntap-2020010… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://usn.ubuntu.com/4239-1/ vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2020/Feb/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4626 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4628 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/31 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2021/Jan/3 mailing-listx_refsource_BUGTRAQ
    https://www.tenable.com/security/tns-2021-14 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by Nikita Popov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78793"
              },
              {
                "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "name": "USN-4239-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4239-1/"
              },
              {
                "name": "openSUSE-SU-2020:0080",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "name": "DSA-4628",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4628"
              },
              {
                "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/31"
              },
              {
                "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2021/Jan/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by Nikita Popov"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:48.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78793"
            },
            {
              "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "name": "USN-4239-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4239-1/"
            },
            {
              "name": "openSUSE-SU-2020:0080",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "DSA-4628",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78793"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Use-after-free in exif parsing under memory sanitizer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11050",
              "STATE": "PUBLIC",
              "TITLE": "Use-after-free in exif parsing under memory sanitizer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by Nikita Popov"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78793",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78793"
                },
                {
                  "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "USN-4239-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4239-1/"
                },
                {
                  "name": "openSUSE-SU-2020:0080",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "DSA-4628",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4628"
                },
                {
                  "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/31"
                },
                {
                  "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2021/Jan/3"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78793"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11050",
        "datePublished": "2019-12-23T02:40:18.861Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:33:19.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11049 (GCVE-0-2019-11049)

    Vulnerability from nvd – Published: 2019-12-23 02:40 – Updated: 2024-09-16 20:47
    VLAI
    Title
    mail() may release string with refcount==1 twice
    Summary
    In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
    CWE
    Assigner
    php
    References
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by Christoph M. Becker
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78943"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "The issue affects Windows systems using mail() function where the headers could be externally controlled."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by Christoph M. Becker"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:56.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78943"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78793"
            ],
            "discovery": "INTERNAL"
          },
          "title": "mail() may release string with refcount==1 twice",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11049",
              "STATE": "PUBLIC",
              "TITLE": "mail() may release string with refcount==1 twice"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "configuration": [
              {
                "lang": "en",
                "value": "The issue affects Windows systems using mail() function where the headers could be externally controlled."
              }
            ],
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by Christoph M. Becker"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-415 Double Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78943",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78943"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78793"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11049",
        "datePublished": "2019-12-23T02:40:18.474Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:47:57.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11046 (GCVE-0-2019-11046)

    Vulnerability from nvd – Published: 2019-12-23 02:40 – Updated: 2024-09-16 17:52
    VLAI
    Title
    Buffer underflow in bc_shift_addsub
    Summary
    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
    CWE
    Assigner
    php
    References
    URL Tags
    https://bugs.php.net/bug.php?id=78878 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://security.netapp.com/advisory/ntap-2020010… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://support.f5.com/csp/article/K48866433?utm_… x_refsource_CONFIRM
    https://usn.ubuntu.com/4239-1/ vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2020/Feb/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4626 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4628 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/31 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2021/Jan/3 mailing-listx_refsource_BUGTRAQ
    https://www.tenable.com/security/tns-2021-14 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by thomas-josef dot riedmaier at siemens dot com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.108Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78878"
              },
              {
                "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "USN-4239-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4239-1/"
              },
              {
                "name": "openSUSE-SU-2020:0080",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "name": "DSA-4628",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4628"
              },
              {
                "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/31"
              },
              {
                "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2021/Jan/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\u0027t ASCII numbers. This can read to disclosure of the content of some memory locations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:40.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78878"
            },
            {
              "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "USN-4239-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4239-1/"
            },
            {
              "name": "openSUSE-SU-2020:0080",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "DSA-4628",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78878"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Buffer underflow in bc_shift_addsub",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11046",
              "STATE": "PUBLIC",
              "TITLE": "Buffer underflow in bc_shift_addsub"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\u0027t ASCII numbers. This can read to disclosure of the content of some memory locations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78878",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78878"
                },
                {
                  "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "USN-4239-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4239-1/"
                },
                {
                  "name": "openSUSE-SU-2020:0080",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "DSA-4628",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4628"
                },
                {
                  "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/31"
                },
                {
                  "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2021/Jan/3"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78878"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11046",
        "datePublished": "2019-12-23T02:40:17.526Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:52:45.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11045 (GCVE-0-2019-11045)

    Vulnerability from nvd – Published: 2019-12-23 02:40 – Updated: 2024-09-16 17:32
    VLAI
    Title
    DirectoryIterator class silently truncates after a null byte
    Summary
    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    php
    References
    URL Tags
    https://bugs.php.net/bug.php?id=78863 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://security.netapp.com/advisory/ntap-2020010… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://usn.ubuntu.com/4239-1/ vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2020/Feb/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4626 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4628 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/31 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2021/Jan/3 mailing-listx_refsource_BUGTRAQ
    https://www.tenable.com/security/tns-2021-14 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by ryat at php.net
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78863"
              },
              {
                "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "name": "USN-4239-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4239-1/"
              },
              {
                "name": "openSUSE-SU-2020:0080",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "name": "DSA-4628",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4628"
              },
              {
                "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/31"
              },
              {
                "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2021/Jan/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by ryat at php.net"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170 Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:43.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78863"
            },
            {
              "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "name": "USN-4239-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4239-1/"
            },
            {
              "name": "openSUSE-SU-2020:0080",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "DSA-4628",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78863"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "DirectoryIterator class silently truncates after a null byte",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11045",
              "STATE": "PUBLIC",
              "TITLE": "DirectoryIterator class silently truncates after a null byte"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by ryat at php.net"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-170 Improper Null Termination"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78863",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78863"
                },
                {
                  "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "USN-4239-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4239-1/"
                },
                {
                  "name": "openSUSE-SU-2020:0080",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "DSA-4628",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4628"
                },
                {
                  "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/31"
                },
                {
                  "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2021/Jan/3"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78863"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11045",
        "datePublished": "2019-12-23T02:40:17.130Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:41.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11044 (GCVE-0-2019-11044)

    Vulnerability from nvd – Published: 2019-12-23 02:40 – Updated: 2024-09-17 01:47
    VLAI
    Title
    link() silently truncates after a null byte on Windows
    Summary
    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    php
    References
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by ryat at php.net
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78862"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by ryat at php.net"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170 Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:21.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78862"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78862"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "link() silently truncates after a null byte on Windows",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11044",
              "STATE": "PUBLIC",
              "TITLE": "link() silently truncates after a null byte on Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by ryat at php.net"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-170 Improper Null Termination"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78862",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78862"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78862"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11044",
        "datePublished": "2019-12-23T02:40:16.742Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:47:06.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1155 (GCVE-0-2018-1155)

    Vulnerability from nvd – Published: 2018-08-02 19:00 – Updated: 2024-09-17 01:32
    VLAI
    Summary
    In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting (XSS)
    Assigner
    References
    URL Tags
    https://www.tenable.com/security/tns-2018-11 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041431 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Tenable SecurityCenter Affected: All versions prior to 5.7.0
    Create a notification for this product.
    Date Public
    2018-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.853Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2018-11"
              },
              {
                "name": "1041431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SecurityCenter",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 5.7.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T09:57:01.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2018-11"
            },
            {
              "name": "1041431",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "DATE_PUBLIC": "2018-07-31T00:00:00",
              "ID": "CVE-2018-1155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SecurityCenter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 5.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/tns-2018-11",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2018-11"
                },
                {
                  "name": "1041431",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2018-1155",
        "datePublished": "2018-08-02T19:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:32:05.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1154 (GCVE-0-2018-1154)

    Vulnerability from nvd – Published: 2018-08-02 19:00 – Updated: 2024-09-16 17:42
    VLAI
    Summary
    In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
    Severity
    No CVSS data available.
    CWE
    • Username Enumeration
    Assigner
    References
    URL Tags
    https://www.tenable.com/security/tns-2018-11 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041431 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Tenable SecurityCenter Affected: All versions prior to 5.7.0
    Create a notification for this product.
    Date Public
    2018-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2018-11"
              },
              {
                "name": "1041431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SecurityCenter",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 5.7.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Username Enumeration",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T09:57:01.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2018-11"
            },
            {
              "name": "1041431",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "DATE_PUBLIC": "2018-07-31T00:00:00",
              "ID": "CVE-2018-1154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SecurityCenter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 5.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Username Enumeration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/tns-2018-11",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2018-11"
                },
                {
                  "name": "1041431",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2018-1154",
        "datePublished": "2018-08-02T19:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:52.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11508 (GCVE-0-2017-11508)

    Vulnerability from nvd – Published: 2017-11-02 17:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039804 vdb-entryx_refsource_SECTRACK
    https://www.tenable.com/security/tns-2017-13 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Tenable SecurityCenter Affected: 5.5.0, 5.5.1 and 5.5.2
    Create a notification for this product.
    Date Public
    2017-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039804",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039804"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2017-13"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SecurityCenter",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5.0, 5.5.1 and 5.5.2"
                }
              ]
            }
          ],
          "datePublic": "2017-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-18T10:57:01.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "1039804",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039804"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2017-13"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "DATE_PUBLIC": "2017-11-01T00:00:00",
              "ID": "CVE-2017-11508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SecurityCenter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.5.0, 5.5.1 and 5.5.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039804",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039804"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2017-13",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2017-13"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2017-11508",
        "datePublished": "2017-11-02T17:00:00.000Z",
        "dateReserved": "2017-07-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:45.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5911 (GCVE-0-2013-5911)

    Vulnerability from nvd – Published: 2013-09-24 10:00 – Updated: 2024-09-17 02:06
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://discussions.nessus.org/message/22174#22174 x_refsource_CONFIRM
    http://www.osvdb.org/97584 vdb-entryx_refsource_OSVDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.766Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://discussions.nessus.org/message/22174#22174"
              },
              {
                "name": "97584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/97584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-24T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://discussions.nessus.org/message/22174#22174"
            },
            {
              "name": "97584",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/97584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5911",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://discussions.nessus.org/message/22174#22174",
                  "refsource": "CONFIRM",
                  "url": "https://discussions.nessus.org/message/22174#22174"
                },
                {
                  "name": "97584",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/97584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5911",
        "datePublished": "2013-09-24T10:00:00.000Z",
        "dateReserved": "2013-09-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:46.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-2005 (GCVE-0-2023-2005)

    Vulnerability from cvelistv5 – Published: 2023-06-26 17:39 – Updated: 2024-12-03 18:44
    VLAI
    Title
    Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability
    Summary
    Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 . This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    References
    Impacted products
    Vendor Product Version
    Tenable Tenable.io Affected: 0 , < Plugin Feed ID #202306261202 (Plugin Feed ID #202306261202 )
    Create a notification for this product.
    Tenable Nessus Affected: 0 , < Plugin Feed ID #202306261202 (Plugin Feed ID #202306261202 )
    Create a notification for this product.
    Tenable Security Center Affected: 0 , < Plugin Feed ID #202306261202 (Plugin Feed ID #202306261202 )
    Create a notification for this product.
    Date Public
    2023-06-26 20:00
    Credits
    Patrick Romero - CrowdStrike
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T06:05:27.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2023-21"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-2005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-03T18:42:42.640706Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "CWE-427 Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-03T18:44:10.535Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Tenable.io",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "Plugin Feed ID #202306261202 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Plugin Feed ID #202306261202 "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Nessus",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "Plugin Feed ID #202306261202 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Plugin Feed ID #202306261202 "
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Security Center",
              "vendor": "Tenable",
              "versions": [
                {
                  "lessThan": "Plugin Feed ID #202306261202 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "Plugin Feed ID #202306261202 "
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Patrick Romero - CrowdStrike"
            }
          ],
          "datePublic": "2023-06-26T20:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.\u003cp\u003eThis issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\u003c/p\u003eThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center.This issue affects Tenable.Io: before Plugin Feed ID #202306261202 ; Nessus: before Plugin Feed ID #202306261202 ; Security Center: before Plugin Feed ID #202306261202 .\n\nThis vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-26T17:39:56.554Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2023-21"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nThe updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202306261202.\n\n\n"
            }
          ],
          "source": {
            "advisory": "TNS-2023-21",
            "discovery": "EXTERNAL"
          },
          "title": "Tenable Plugin Feed ID #202306261202 Fixes Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2023-2005",
        "datePublished": "2023-06-26T17:39:56.554Z",
        "dateReserved": "2023-04-12T15:39:04.752Z",
        "dateUpdated": "2024-12-03T18:44:10.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11050 (GCVE-0-2019-11050)

    Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-16 18:33
    VLAI
    Title
    Use-after-free in exif parsing under memory sanitizer
    Summary
    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
    CWE
    Assigner
    php
    References
    URL Tags
    https://bugs.php.net/bug.php?id=78793 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://security.netapp.com/advisory/ntap-2020010… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://usn.ubuntu.com/4239-1/ vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2020/Feb/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4626 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4628 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/31 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2021/Jan/3 mailing-listx_refsource_BUGTRAQ
    https://www.tenable.com/security/tns-2021-14 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by Nikita Popov
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78793"
              },
              {
                "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "name": "USN-4239-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4239-1/"
              },
              {
                "name": "openSUSE-SU-2020:0080",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "name": "DSA-4628",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4628"
              },
              {
                "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/31"
              },
              {
                "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2021/Jan/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by Nikita Popov"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:48.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78793"
            },
            {
              "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "name": "USN-4239-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4239-1/"
            },
            {
              "name": "openSUSE-SU-2020:0080",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "DSA-4628",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78793"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Use-after-free in exif parsing under memory sanitizer",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11050",
              "STATE": "PUBLIC",
              "TITLE": "Use-after-free in exif parsing under memory sanitizer"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by Nikita Popov"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78793",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78793"
                },
                {
                  "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "USN-4239-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4239-1/"
                },
                {
                  "name": "openSUSE-SU-2020:0080",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "DSA-4628",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4628"
                },
                {
                  "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/31"
                },
                {
                  "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2021/Jan/3"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78793"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11050",
        "datePublished": "2019-12-23T02:40:18.861Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:33:19.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11049 (GCVE-0-2019-11049)

    Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-16 20:47
    VLAI
    Title
    mail() may release string with refcount==1 twice
    Summary
    In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
    CWE
    Assigner
    php
    References
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by Christoph M. Becker
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78943"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "value": "The issue affects Windows systems using mail() function where the headers could be externally controlled."
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by Christoph M. Becker"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415 Double Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:56.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78943"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78793"
            ],
            "discovery": "INTERNAL"
          },
          "title": "mail() may release string with refcount==1 twice",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11049",
              "STATE": "PUBLIC",
              "TITLE": "mail() may release string with refcount==1 twice"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "configuration": [
              {
                "lang": "en",
                "value": "The issue affects Windows systems using mail() function where the headers could be externally controlled."
              }
            ],
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by Christoph M. Becker"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-415 Double Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78943",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78943"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78793"
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11049",
        "datePublished": "2019-12-23T02:40:18.474Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:47:57.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11046 (GCVE-0-2019-11046)

    Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-16 17:52
    VLAI
    Title
    Buffer underflow in bc_shift_addsub
    Summary
    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
    CWE
    Assigner
    php
    References
    URL Tags
    https://bugs.php.net/bug.php?id=78878 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://security.netapp.com/advisory/ntap-2020010… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://support.f5.com/csp/article/K48866433?utm_… x_refsource_CONFIRM
    https://usn.ubuntu.com/4239-1/ vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2020/Feb/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4626 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4628 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/31 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2021/Jan/3 mailing-listx_refsource_BUGTRAQ
    https://www.tenable.com/security/tns-2021-14 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by thomas-josef dot riedmaier at siemens dot com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.108Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78878"
              },
              {
                "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp%3Butm_medium=RSS"
              },
              {
                "name": "USN-4239-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4239-1/"
              },
              {
                "name": "openSUSE-SU-2020:0080",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "name": "DSA-4628",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4628"
              },
              {
                "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/31"
              },
              {
                "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2021/Jan/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\u0027t ASCII numbers. This can read to disclosure of the content of some memory locations."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:40.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78878"
            },
            {
              "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp%3Butm_medium=RSS"
            },
            {
              "name": "USN-4239-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4239-1/"
            },
            {
              "name": "openSUSE-SU-2020:0080",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "DSA-4628",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78878"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Buffer underflow in bc_shift_addsub",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11046",
              "STATE": "PUBLIC",
              "TITLE": "Buffer underflow in bc_shift_addsub"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by thomas-josef dot riedmaier at siemens dot com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren\u0027t ASCII numbers. This can read to disclosure of the content of some memory locations."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-125 Out-of-bounds Read"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78878",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78878"
                },
                {
                  "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp;utm_medium=RSS",
                  "refsource": "CONFIRM",
                  "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support\u0026amp;utm_medium=RSS"
                },
                {
                  "name": "USN-4239-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4239-1/"
                },
                {
                  "name": "openSUSE-SU-2020:0080",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "DSA-4628",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4628"
                },
                {
                  "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/31"
                },
                {
                  "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2021/Jan/3"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78878"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11046",
        "datePublished": "2019-12-23T02:40:17.526Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:52:45.661Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11045 (GCVE-0-2019-11045)

    Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-16 17:32
    VLAI
    Title
    DirectoryIterator class silently truncates after a null byte
    Summary
    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    php
    References
    URL Tags
    https://bugs.php.net/bug.php?id=78863 x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://security.netapp.com/advisory/ntap-2020010… x_refsource_CONFIRM
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORA
    https://usn.ubuntu.com/4239-1/ vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://seclists.org/bugtraq/2020/Feb/27 mailing-listx_refsource_BUGTRAQ
    https://www.debian.org/security/2020/dsa-4626 vendor-advisoryx_refsource_DEBIAN
    https://www.debian.org/security/2020/dsa-4628 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2020/Feb/31 mailing-listx_refsource_BUGTRAQ
    https://seclists.org/bugtraq/2021/Jan/3 mailing-listx_refsource_BUGTRAQ
    https://www.tenable.com/security/tns-2021-14 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by ryat at php.net
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78863"
              },
              {
                "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "name": "USN-4239-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4239-1/"
              },
              {
                "name": "openSUSE-SU-2020:0080",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
              },
              {
                "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/27"
              },
              {
                "name": "DSA-4626",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4626"
              },
              {
                "name": "DSA-4628",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4628"
              },
              {
                "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2020/Feb/31"
              },
              {
                "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2021/Jan/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by ryat at php.net"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170 Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:43.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78863"
            },
            {
              "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "name": "USN-4239-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4239-1/"
            },
            {
              "name": "openSUSE-SU-2020:0080",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
            },
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "DSA-4628",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78863"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "DirectoryIterator class silently truncates after a null byte",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11045",
              "STATE": "PUBLIC",
              "TITLE": "DirectoryIterator class silently truncates after a null byte"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by ryat at php.net"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-170 Improper Null Termination"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78863",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78863"
                },
                {
                  "name": "[debian-lts-announce] 20191229 [SECURITY] [DLA 2050-1] php5 security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "USN-4239-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4239-1/"
                },
                {
                  "name": "openSUSE-SU-2020:0080",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html"
                },
                {
                  "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/27"
                },
                {
                  "name": "DSA-4626",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4626"
                },
                {
                  "name": "DSA-4628",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2020/dsa-4628"
                },
                {
                  "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2020/Feb/31"
                },
                {
                  "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2021/Jan/3"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78863"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11045",
        "datePublished": "2019-12-23T02:40:17.130Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:41.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11044 (GCVE-0-2019-11044)

    Vulnerability from cvelistv5 – Published: 2019-12-23 02:40 – Updated: 2024-09-17 01:47
    VLAI
    Title
    link() silently truncates after a null byte on Windows
    Summary
    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    php
    References
    Impacted products
    Vendor Product Version
    PHP Group PHP Affected: 7.2.x , < 7.2.26 (custom)
    Affected: 7.3.x , < 7.3.13 (custom)
    Affected: 7.4.x , < 7.4.1 (custom)
    Create a notification for this product.
    Date Public
    2019-12-17 00:00
    Credits
    Submitted by ryat at php.net
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:40:16.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.php.net/bug.php?id=78862"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
              },
              {
                "name": "FEDORA-2019-437d94e271",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
              },
              {
                "name": "FEDORA-2019-a54a622670",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-14"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Windows"
              ],
              "product": "PHP",
              "vendor": "PHP Group",
              "versions": [
                {
                  "lessThan": "7.2.26",
                  "status": "affected",
                  "version": "7.2.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.13",
                  "status": "affected",
                  "version": "7.3.x",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.4.1",
                  "status": "affected",
                  "version": "7.4.x",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Submitted by ryat at php.net"
            }
          ],
          "datePublic": "2019-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170 Improper Null Termination",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T17:06:21.000Z",
            "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
            "shortName": "php"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.php.net/bug.php?id=78862"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
            },
            {
              "name": "FEDORA-2019-437d94e271",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
            },
            {
              "name": "FEDORA-2019-a54a622670",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ],
          "source": {
            "defect": [
              "https://bugs.php.net/bug.php?id=78862"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "link() silently truncates after a null byte on Windows",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@php.net",
              "DATE_PUBLIC": "2019-12-17T03:02:00.000Z",
              "ID": "CVE-2019-11044",
              "STATE": "PUBLIC",
              "TITLE": "link() silently truncates after a null byte on Windows"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PHP",
                          "version": {
                            "version_data": [
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.2.x",
                                "version_value": "7.2.26"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.3.x",
                                "version_value": "7.3.13"
                              },
                              {
                                "platform": "Windows",
                                "version_affected": "\u003c",
                                "version_name": "7.4.x",
                                "version_value": "7.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PHP Group"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Submitted by ryat at php.net"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \\0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-170 Improper Null Termination"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.php.net/bug.php?id=78862",
                  "refsource": "MISC",
                  "url": "https://bugs.php.net/bug.php?id=78862"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200103-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200103-0002/"
                },
                {
                  "name": "FEDORA-2019-437d94e271",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/"
                },
                {
                  "name": "FEDORA-2019-a54a622670",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2021-14",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2021-14"
                }
              ]
            },
            "source": {
              "defect": [
                "https://bugs.php.net/bug.php?id=78862"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "assignerShortName": "php",
        "cveId": "CVE-2019-11044",
        "datePublished": "2019-12-23T02:40:16.742Z",
        "dateReserved": "2019-04-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:47:06.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1155 (GCVE-0-2018-1155)

    Vulnerability from cvelistv5 – Published: 2018-08-02 19:00 – Updated: 2024-09-17 01:32
    VLAI
    Summary
    In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Scripting (XSS)
    Assigner
    References
    URL Tags
    https://www.tenable.com/security/tns-2018-11 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041431 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Tenable SecurityCenter Affected: All versions prior to 5.7.0
    Create a notification for this product.
    Date Public
    2018-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.853Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2018-11"
              },
              {
                "name": "1041431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SecurityCenter",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 5.7.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T09:57:01.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2018-11"
            },
            {
              "name": "1041431",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "DATE_PUBLIC": "2018-07-31T00:00:00",
              "ID": "CVE-2018-1155",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SecurityCenter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 5.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In SecurityCenter versions prior to 5.7.0, a cross-site scripting (XSS) issue could allow an authenticated attacker to inject JavaScript code into an image filename parameter within the Reports feature area. Properly updated input validation techniques have been implemented to correct this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/tns-2018-11",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2018-11"
                },
                {
                  "name": "1041431",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2018-1155",
        "datePublished": "2018-08-02T19:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:32:05.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1154 (GCVE-0-2018-1154)

    Vulnerability from cvelistv5 – Published: 2018-08-02 19:00 – Updated: 2024-09-16 17:42
    VLAI
    Summary
    In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
    Severity
    No CVSS data available.
    CWE
    • Username Enumeration
    Assigner
    References
    URL Tags
    https://www.tenable.com/security/tns-2018-11 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1041431 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Tenable SecurityCenter Affected: All versions prior to 5.7.0
    Create a notification for this product.
    Date Public
    2018-07-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.873Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2018-11"
              },
              {
                "name": "1041431",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1041431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SecurityCenter",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 5.7.0"
                }
              ]
            }
          ],
          "datePublic": "2018-07-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Username Enumeration",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-12T09:57:01.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2018-11"
            },
            {
              "name": "1041431",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1041431"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "DATE_PUBLIC": "2018-07-31T00:00:00",
              "ID": "CVE-2018-1154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SecurityCenter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 5.7.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Username Enumeration"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tenable.com/security/tns-2018-11",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2018-11"
                },
                {
                  "name": "1041431",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1041431"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2018-1154",
        "datePublished": "2018-08-02T19:00:00.000Z",
        "dateReserved": "2017-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:52.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11508 (GCVE-0-2017-11508)

    Vulnerability from cvelistv5 – Published: 2017-11-02 17:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1039804 vdb-entryx_refsource_SECTRACK
    https://www.tenable.com/security/tns-2017-13 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Tenable SecurityCenter Affected: 5.5.0, 5.5.1 and 5.5.2
    Create a notification for this product.
    Date Public
    2017-11-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.233Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1039804",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039804"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2017-13"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SecurityCenter",
              "vendor": "Tenable",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.5.0, 5.5.1 and 5.5.2"
                }
              ]
            }
          ],
          "datePublic": "2017-11-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-11-18T10:57:01.000Z",
            "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
            "shortName": "tenable"
          },
          "references": [
            {
              "name": "1039804",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039804"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2017-13"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vulnreport@tenable.com",
              "DATE_PUBLIC": "2017-11-01T00:00:00",
              "ID": "CVE-2017-11508",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SecurityCenter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.5.0, 5.5.1 and 5.5.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Tenable"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1039804",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039804"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2017-13",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2017-13"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "assignerShortName": "tenable",
        "cveId": "CVE-2017-11508",
        "datePublished": "2017-11-02T17:00:00.000Z",
        "dateReserved": "2017-07-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:45.238Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5911 (GCVE-0-2013-5911)

    Vulnerability from cvelistv5 – Published: 2013-09-24 10:00 – Updated: 2024-09-17 02:06
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://discussions.nessus.org/message/22174#22174 x_refsource_CONFIRM
    http://www.osvdb.org/97584 vdb-entryx_refsource_OSVDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:29:42.766Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://discussions.nessus.org/message/22174#22174"
              },
              {
                "name": "97584",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/97584"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-24T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://discussions.nessus.org/message/22174#22174"
            },
            {
              "name": "97584",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/97584"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5911",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://discussions.nessus.org/message/22174#22174",
                  "refsource": "CONFIRM",
                  "url": "https://discussions.nessus.org/message/22174#22174"
                },
                {
                  "name": "97584",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/97584"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5911",
        "datePublished": "2013-09-24T10:00:00.000Z",
        "dateReserved": "2013-09-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:46.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }