The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PHP

computer vulnerability bulletin CVE-2018-19935

PHP: NULL pointer dereference via imap_mail

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imap_mail() of PHP, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/12/2018.
Identifiers: 77020, CVE-2018-19935, DLA-1608-1, DSA-4353-1, openSUSE-SU-2019:0207-1, SUSE-SU-2019:0333-1, VIGILANCE-VUL-27988.


computer vulnerability announce CVE-2018-20783

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP.
Impacted products: Fedora, openSUSE Leap, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data creation/edition.
Provenance: document.
Creation date: 06/12/2018.
Identifiers: CERTFR-2018-AVI-588, CVE-2018-20783, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, openSUSE-SU-2019:1256-1, openSUSE-SU-2019:1293-1, SSA:2018-341-01, SUSE-SU-2019:0985-1, SUSE-SU-2019:14013-1, VIGILANCE-VUL-27977.


computer vulnerability alert CVE-2018-19518

PHP: code execution via imap_open Server Name

Synthesis of the vulnerability

An attacker can use a vulnerability via imap_open() Server Name of PHP, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 23/11/2018.
Identifiers: 77153, bulletinjan2019, CVE-2018-19518, DLA-1608-1, DLA-1700-1, DSA-4353-1, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, openSUSE-SU-2018:4030-1, openSUSE-SU-2018:4038-1, SSA:2018-341-01, SUSE-SU-2018:3986-1, SUSE-SU-2018:3988-1, SUSE-SU-2018:3995-1, VIGILANCE-VUL-27866.


computer vulnerability CVE-2018-19395 CVE-2018-19396

PHP: NULL pointer dereference via Unserializing COM Objects

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Unserializing COM Objects of PHP, in order to trigger a denial of service.
Impacted products: PHP.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/11/2018.
Identifiers: 77177, CVE-2018-19395, CVE-2018-19396, VIGILANCE-VUL-27855.


vulnerability announce 27802

PHP: memory leak via Garbage Collector Cyclic Reference

Synthesis of the vulnerability

An attacker can create a memory leak via Garbage Collector Cyclic Reference of PHP, in order to trigger a denial of service.
Impacted products: Fedora, PHP.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 16/11/2018.
Identifiers: 76946, FEDORA-2018-08ceba4f8f, FEDORA-2018-6855bf9ff3, VIGILANCE-VUL-27802.


computer vulnerability bulletin 27488

PHP: memory corruption via method_exists

Synthesis of the vulnerability

An attacker can generate a memory corruption via method_exists() of PHP, in order to trigger a denial of service, and possibly to run code.
Impacted products: PHP.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 11/10/2018.
Identifiers: 76901, VIGILANCE-VUL-27488.


computer vulnerability note CVE-2018-17082

PHP: Cross Site Scripting via Transfer-Encoding Chunked

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Transfer-Encoding Chunked of PHP, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, openSUSE Leap, Solaris, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/09/2018.
Identifiers: 76582, bulletinoct2018, CERTFR-2018-AVI-439, CVE-2018-17082, DLA-1509-1, DSA-4353-1, openSUSE-SU-2018:2929-1, openSUSE-SU-2018:3056-1, openSUSE-SU-2018:3062-1, SSA:2018-257-01, SUSE-SU-2018:2887-1, SUSE-SU-2018:3016-1, SUSE-SU-2018:3017-1, SUSE-SU-2018:3018-1, VIGILANCE-VUL-27229.


computer vulnerability CVE-2017-9118

PHP: out-of-bounds memory reading via php_pcre_replace_impl

Synthesis of the vulnerability

An attacker can force a read at an invalid address via php_pcre_replace_impl of PHP, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/09/2018.
Identifiers: 74604, CVE-2017-9118, openSUSE-SU-2018:2648-1, openSUSE-SU-2018:2694-1, SUSE-SU-2018:2640-1, SUSE-SU-2018:2681-1, SUSE-SU-2018:2682-1, VIGILANCE-VUL-27175.


vulnerability bulletin 27043

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP.
Impacted products: PHP.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/08/2018.
Identifiers: CERTFR-2018-AVI-401, VIGILANCE-VUL-27043.


vulnerability CVE-2017-9120

PHP: integer overflow via mysqli_real_escape_string

Synthesis of the vulnerability

An attacker can generate an integer overflow via mysqli_real_escape_string() of PHP, in order to trigger a denial of service, and possibly to run code.
Impacted products: openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/08/2018.
Identifiers: 74544, CVE-2017-9120, openSUSE-SU-2018:2405-1, SUSE-SU-2018:2333-1, SUSE-SU-2018:2337-1, VIGILANCE-VUL-27020.
