The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PHP

computer vulnerability announce 29367

PHP: privilege escalation via /proc/self/mem

Synthesis of the vulnerability

An attacker can change the PHP interpreter configuration by writing to its memory via /proc/self/mem, in order to escalate privileges.
Impacted products: PHP.
Severity: 1/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 21/05/2019.
Identifiers: VIGILANCE-VUL-29367.

Description of the vulnerability

An attacker can change the PHP interpreter configuration by writing to its memory via /proc/self/mem, in order to escalate privileges.

computer vulnerability CVE-2019-11036

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-194, CVE-2019-11036, DLA-1803-1, FEDORA-2019-6350c4e21a, FEDORA-2019-6e325234a4, FEDORA-2019-bab3944fee, openSUSE-SU-2019:1501-1, openSUSE-SU-2019:1503-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SUSE-SU-2019:1325-1, SUSE-SU-2019:1360-1, SUSE-SU-2019:1365-1, SUSE-SU-2019:1461-1, VIGILANCE-VUL-29205.

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.

vulnerability note CVE-2019-11034 CVE-2019-11035

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, IBM API Connect, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/04/2019.
Identifiers: 77753, 77831, CERTFR-2019-AVI-146, CVE-2019-11034, CVE-2019-11035, DLA-1803-1, FEDORA-2019-253da50ddd, FEDORA-2019-da36d5d484, ibm10882572, openSUSE-SU-2019:1501-1, openSUSE-SU-2019:1503-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SUSE-SU-2019:1325-1, SUSE-SU-2019:1360-1, SUSE-SU-2019:1365-1, SUSE-SU-2019:1461-1, USN-3953-1, USN-3953-2, VIGILANCE-VUL-28944.

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.

computer vulnerability bulletin CVE-2018-19935

PHP: NULL pointer dereference via imap_mail

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imap_mail() of PHP, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, PHP, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/12/2018.
Identifiers: 77020, CVE-2018-19935, DLA-1608-1, DSA-4353-1, openSUSE-SU-2019:0207-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SUSE-SU-2019:0333-1, SUSE-SU-2019:1461-1, VIGILANCE-VUL-27988.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via imap_mail() of PHP, in order to trigger a denial of service.

computer vulnerability announce CVE-2018-20783

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Fedora, openSUSE Leap, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, data creation/edition.
Provenance: document.
Creation date: 06/12/2018.
Identifiers: CERTFR-2018-AVI-588, CVE-2018-20783, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, openSUSE-SU-2019:1256-1, openSUSE-SU-2019:1293-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1573-1, SSA:2018-341-01, SUSE-SU-2019:0985-1, SUSE-SU-2019:14013-1, SUSE-SU-2019:1461-1, VIGILANCE-VUL-27977.

Description of the vulnerability

An attacker can use several vulnerabilities of PHP.

computer vulnerability alert CVE-2018-19518

PHP: code execution via imap_open Server Name

Synthesis of the vulnerability

An attacker can use a vulnerability via imap_open() Server Name of PHP, in order to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: user account.
Creation date: 23/11/2018.
Identifiers: 77153, bulletinjan2019, CVE-2018-19518, DLA-1608-1, DLA-1700-1, DSA-4353-1, FEDORA-2018-7ebfe1e6f2, FEDORA-2018-dfe1f0bac6, openSUSE-SU-2018:4030-1, openSUSE-SU-2018:4038-1, SSA:2018-341-01, SUSE-SU-2018:3986-1, SUSE-SU-2018:3988-1, SUSE-SU-2018:3995-1, VIGILANCE-VUL-27866.

Description of the vulnerability

An attacker can use a vulnerability via imap_open() Server Name of PHP, in order to run code.

computer vulnerability CVE-2018-19395 CVE-2018-19396

PHP: NULL pointer dereference via Unserializing COM Objects

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Unserializing COM Objects of PHP, in order to trigger a denial of service.
Impacted products: PHP.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/11/2018.
Identifiers: 77177, CVE-2018-19395, CVE-2018-19396, VIGILANCE-VUL-27855.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via Unserializing COM Objects of PHP, in order to trigger a denial of service.

vulnerability announce 27802

PHP: memory leak via Garbage Collector Cyclic Reference

Synthesis of the vulnerability

An attacker can create a memory leak via Garbage Collector Cyclic Reference of PHP, in order to trigger a denial of service.
Impacted products: Fedora, PHP.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 16/11/2018.
Identifiers: 76946, FEDORA-2018-08ceba4f8f, FEDORA-2018-6855bf9ff3, VIGILANCE-VUL-27802.

Description of the vulnerability

An attacker can create a memory leak via Garbage Collector Cyclic Reference of PHP, in order to trigger a denial of service.

computer vulnerability bulletin 27488

PHP: memory corruption via method_exists

Synthesis of the vulnerability

An attacker can generate a memory corruption via method_exists() of PHP, in order to trigger a denial of service, and possibly to run code.
Impacted products: PHP.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 11/10/2018.
Identifiers: 76901, VIGILANCE-VUL-27488.

Description of the vulnerability

An attacker can generate a memory corruption via method_exists() of PHP, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2018-17082

PHP: Cross Site Scripting via Transfer-Encoding Chunked

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Transfer-Encoding Chunked of PHP, in order to run JavaScript code in the context of the web site.
Impacted products: Debian, openSUSE Leap, Solaris, PHP, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/09/2018.
Identifiers: 76582, bulletinoct2018, CERTFR-2018-AVI-439, CVE-2018-17082, DLA-1509-1, DSA-4353-1, openSUSE-SU-2018:2929-1, openSUSE-SU-2018:3056-1, openSUSE-SU-2018:3062-1, SSA:2018-257-01, SUSE-SU-2018:2887-1, SUSE-SU-2018:3016-1, SUSE-SU-2018:3017-1, SUSE-SU-2018:3018-1, VIGILANCE-VUL-27229.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Transfer-Encoding Chunked of PHP, in order to run JavaScript code in the context of the web site.