The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PHP

cybersecurity vulnerability 30207

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Severity: 2/4.
Creation date: 30/08/2019.
Identifiers: CERTFR-2019-AVI-416, VIGILANCE-VUL-30207.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2019-13224

Oniguruma: use after free via onig_new_deluxe

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via onig_new_deluxe() of Oniguruma, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 17/07/2019.
Identifiers: bulletinoct2019, CVE-2019-13224, DLA-1854-1, FEDORA-2019-3f3d0953db, FEDORA-2019-5409bb5e68, USN-4088-1, VIGILANCE-VUL-29806.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force the usage of a freed memory area via onig_new_deluxe() of Oniguruma, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

weakness 29367

PHP: privilege escalation via /proc/self/mem

Synthesis of the vulnerability

An attacker can change the interpreter configuration by writing to its memory via /proc/self/mem of PHP, in order to escalate his privileges.
Severity: 1/4.
Creation date: 21/05/2019.
Identifiers: VIGILANCE-VUL-29367.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can change the interpreter configuration by writing to its memory via /proc/self/mem of PHP, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

security threat CVE-2019-11036

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Severity: 2/4.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-194, CVE-2019-11036, DLA-1803-1, DSA-4527-1, DSA-4529-1, FEDORA-2019-6350c4e21a, FEDORA-2019-6e325234a4, FEDORA-2019-bab3944fee, openSUSE-SU-2019:1501-1, openSUSE-SU-2019:1503-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, RHSA-2019:2519-01, RHSA-2019:3299-01, SUSE-SU-2019:1325-1, SUSE-SU-2019:1360-1, SUSE-SU-2019:1365-1, SUSE-SU-2019:1461-1, VIGILANCE-VUL-29205.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2019-11034 CVE-2019-11035

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/04/2019.
Identifiers: 77753, 77831, CERTFR-2019-AVI-146, CVE-2019-11034, CVE-2019-11035, DLA-1803-1, DSA-4529-1, FEDORA-2019-253da50ddd, FEDORA-2019-da36d5d484, ibm10882572, openSUSE-SU-2019:1501-1, openSUSE-SU-2019:1503-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, RHSA-2019:2519-01, RHSA-2019:3299-01, SUSE-SU-2019:1325-1, SUSE-SU-2019:1360-1, SUSE-SU-2019:1365-1, SUSE-SU-2019:1461-1, USN-3953-1, USN-3953-2, VIGILANCE-VUL-28944.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2019-9020 CVE-2019-9021 CVE-2019-9022

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 10/01/2019.
Identifiers: CERTFR-2019-AVI-016, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9025, DLA-1679-1, DSA-4398-1, FEDORA-2019-a6511b0eed, FEDORA-2019-aa6036fcb3, openSUSE-SU-2019:0207-1, openSUSE-SU-2019:0276-1, openSUSE-SU-2019:1256-1, openSUSE-SU-2019:1293-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, RHSA-2019:2519-01, RHSA-2019:3299-01, SSA:2019-038-01, SUSE-SU-2019:0333-1, SUSE-SU-2019:0449-1, SUSE-SU-2019:0985-1, SUSE-SU-2019:13961-1, SUSE-SU-2019:14013-1, SUSE-SU-2019:1461-1, USN-3902-1, USN-3902-2, VIGILANCE-VUL-28216.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-19935

PHP: NULL pointer dereference via imap_mail

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imap_mail() of PHP, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 10/12/2018.
Identifiers: 77020, CVE-2018-19935, DLA-1608-1, DSA-4353-1, openSUSE-SU-2019:0207-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SUSE-SU-2019:0333-1, SUSE-SU-2019:1461-1, VIGILANCE-VUL-27988.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imap_mail() of PHP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-20783

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Severity: 2/4.
Creation date: 06/12/2018.
Identifiers: CERTFR-2018-AVI-588, CVE-2018-20783, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, openSUSE-SU-2019:1256-1, openSUSE-SU-2019:1293-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, RHSA-2019:2519-01, RHSA-2019:3299-01, SSA:2018-341-01, SUSE-SU-2019:0985-1, SUSE-SU-2019:14013-1, SUSE-SU-2019:1461-1, VIGILANCE-VUL-27977.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2018-19518

PHP: code execution via imap_open Server Name

Synthesis of the vulnerability

An attacker can use a vulnerability via imap_open() Server Name of PHP, in order to run code.
Severity: 2/4.
Creation date: 23/11/2018.
Identifiers: 77153, bulletinjan2019, CVE-2018-19518, DLA-1608-1, DLA-1700-1, DSA-4353-1, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, openSUSE-SU-2018:4030-1, openSUSE-SU-2018:4038-1, SSA:2018-341-01, SUSE-SU-2018:3986-1, SUSE-SU-2018:3988-1, SUSE-SU-2018:3995-1, USN-4160-1, VIGILANCE-VUL-27866.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via imap_open() Server Name of PHP, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-19395 CVE-2018-19396

PHP: NULL pointer dereference via Unserializing COM Objects

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Unserializing COM Objects of PHP, in order to trigger a denial of service.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/11/2018.
Identifiers: 77177, CVE-2018-19395, CVE-2018-19396, VIGILANCE-VUL-27855.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Unserializing COM Objects of PHP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about PHP: