Projet - Typo3 10.4

prod

Typo3 10.4

122 vulnérabilités sur 7 paquets ont été trouvés

1 paquets abandonnés ont été trouvés

Dernière analyse : il y a 15 heures

Pas de résultat.

122 vulnérabilités sur 7 paquets ont été trouvés

11 typo3/cms-core —— v10.4.37 +

high TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : 8.7.57 9.5.46 10.4.43 11.5.35 12.4.11 13.0.1 https://github.com/advisories/GHSA-rj3x-wvc6-5j66

Signalée 13/02/2024

CVE-2024-25121

high TYPO3 Install Tool vulnerable to Code Execution

Signalée 13/02/2024

CVE-2024-22188

medium TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

Versions affectées : >=13.0.0,<=13.1.0|>=12.0.0,<=12.4.14|>=11.0.0,<=11.5.36|>=10.0.0,<=10.4.44|>=9.0.0,<=9.5.47
Versions patchées : 9.5.48 10.4.45 11.5.37 12.4.15 13.1.1 https://github.com/advisories/GHSA-hw6c-6gwq-3m3m

Signalée 14/05/2024

CVE-2024-34357

medium TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

Signalée 14/05/2024

CVE-2024-34356

medium TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

Signalée 13/02/2024

CVE-2024-25119

medium TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

Signalée 13/02/2024

CVE-2024-25120

medium TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

Signalée 13/02/2024

CVE-2024-25118

medium TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling

Versions affectées : >=8.0.0,<8.7.55|>=9.0.0,<9.5.44|>=10.0.0,<10.4.41|>=11.0.0,<11.5.33|>=12.0.0,<12.4.8
Versions patchées : 8.7.55 9.5.44 10.4.41 11.5.33 12.4.8 https://typo3.org/security/advisory/typo3-core-sa-2023-006

Signalée 14/11/2023

CVE-2023-47127

medium TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

Signalée 14/05/2024

CVE-2024-34358

medium Path Traversal in TYPO3 File Abstraction Layer Storages

Versions affectées : =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Versions patchées : https://github.com/advisories/GHSA-w6x2-jg8h-p6mp

Signalée 13/02/2024

CVE-2023-30451

low Information Disclosure due to Out-of-scope Site Resolution

Versions affectées : >=12.0.0,<12.4.4|>=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.4.0,<9.5.42
Versions patchées : 9.5.42 10.4.39 11.5.30 12.4.4 https://github.com/advisories/GHSA-jq6g-4v5m-wm9r

Signalée 25/07/2023

CVE-2023-38499

1 typo3/cms-rte-ckeditor —— v10.4.37 +

medium Cross-Site Scripting in CKEditor4 WordCount Plugin

Versions affectées : >=11.0.0,<11.5.30|>=10.0.0,<10.4.39|>=9.5.0,<9.5.42
Versions patchées : 9.5.42 10.4.39 11.5.30 https://github.com/advisories/GHSA-m8fw-p3cr-6jqc

Signalée 25/07/2023

2 typo3/cms-backend —— v10.4.37 +

low Information Disclosure in TYPO3 Page Tree

Versions affectées : <11.5.40|>=12.0.0,<12.4.21|>=13.0.0,<13.3.1
Versions patchées : 13.3.1 12.4.21 11.5.40 https://github.com/advisories/GHSA-rf5m-h8q9-9w6q

Signalée 08/10/2024

CVE-2024-47780

low Denial of Service in TYPO3 Bookmark Toolbar

Versions affectées : >=10.0.0,<=10.4.45|>=11.0.0,<=11.5.39|>=12.0.0,<12.4.20|=13.0.0
Versions patchées : 13.3.1 12.4.21 11.5.40 10.4.46 https://github.com/advisories/GHSA-ffcv-v6pw-qhrp

Signalée 08/10/2024

CVE-2024-34537

1 symfony/http-foundation —— v4.4.49 +

low CVE-2024-50345: Open redirect via browser-sanitized URLs

Versions affectées : >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2.0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.46|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,<6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.14|>=7.0.0,<7.1.0|>=7.1.0,<7.1.7
Versions patchées : 5.4.46 6.4.14 7.1.7 5.4.46 6.4.14 7.1.7 https://symfony.com/cve-2024-50345

Signalée 05/11/2024

CVE-2024-50345

1 symfony/process —— v4.4.44 +

high CVE-2024-51736: Command execution hijack on Windows with Process class

Signalée 05/11/2024

CVE-2024-51736

60 PHP —— 7.2 +

critical ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

* [http://www.openwall.com/lists/oss-security/2016/04/24/1](http://www.openwall.com/lists/oss-security/2016/04/24/1)
* [http://www.php.net/ChangeLog-5.php](http://www.php.net/ChangeLog-5.php)
* [https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817](https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817)
* [https://bugs.php.net/bug.php?id=64938](https://bugs.php.net/bug.php?id=64938)
* [http://www.securityfocus.com/bid/87470](http://www.securityfocus.com/bid/87470)
* [http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html](http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html)
* [http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html](http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html)
* [http://www.ubuntu.com/usn/USN-2952-1](http://www.ubuntu.com/usn/USN-2952-1)
* [http://www.ubuntu.com/usn/USN-2952-2](http://www.ubuntu.com/usn/USN-2952-2)
* [http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html](http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html)
* [http://rhn.redhat.com/errata/RHSA-2016-2750.html](http://rhn.redhat.com/errata/RHSA-2016-2750.html)
* [http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9](http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9)

Signalée 22/05/2016

CVE-2015-8866

critical The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

* [https://bugs.php.net/bug.php?id=74577](https://bugs.php.net/bug.php?id=74577)
* [http://www.securityfocus.com/bid/98518](http://www.securityfocus.com/bid/98518)

Signalée 12/05/2017

CVE-2017-8923

critical exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

* [https://bugs.php.net/bug.php?id=76409](https://bugs.php.net/bug.php?id=76409)
* [http://www.securityfocus.com/bid/104551](http://www.securityfocus.com/bid/104551)
* [https://usn.ubuntu.com/3702-1/](https://usn.ubuntu.com/3702-1/)
* [https://usn.ubuntu.com/3702-2/](https://usn.ubuntu.com/3702-2/)
* [https://security.netapp.com/advisory/ntap-20181109-0001/](https://security.netapp.com/advisory/ntap-20181109-0001/)

Signalée 26/06/2018

CVE-2018-12882

critical In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string.

* [https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba](https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba)
* [https://bugs.php.net/bug.php?id=75981](https://bugs.php.net/bug.php?id=75981)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://www.securityfocus.com/bid/103204](http://www.securityfocus.com/bid/103204)
* [https://usn.ubuntu.com/3600-1/](https://usn.ubuntu.com/3600-1/)
* [https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html](https://lists.debian.org/debian-lts-announce/2018/03/msg00030.html)
* [https://www.tenable.com/security/tns-2018-03](https://www.tenable.com/security/tns-2018-03)
* [https://usn.ubuntu.com/3600-2/](https://usn.ubuntu.com/3600-2/)
* [https://www.exploit-db.com/exploits/44846/](https://www.exploit-db.com/exploits/44846/)
* [https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html](https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
* [https://www.debian.org/security/2018/dsa-4240](https://www.debian.org/security/2018/dsa-4240)
* [http://www.securitytracker.com/id/1041607](http://www.securitytracker.com/id/1041607)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 01/03/2018

CVE-2018-7584

critical When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=77950](https://bugs.php.net/bug.php?id=77950)
* [http://www.securityfocus.com/bid/108177](http://www.securityfocus.com/bid/108177)
* [https://security.netapp.com/advisory/ntap-20190517-0003/](https://security.netapp.com/advisory/ntap-20190517-0003/)
* [https://usn.ubuntu.com/3566-2/](https://usn.ubuntu.com/3566-2/)
* [https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html](https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00010.html)
* [https://usn.ubuntu.com/4009-1/](https://usn.ubuntu.com/4009-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://seclists.org/bugtraq/2019/Sep/35](https://seclists.org/bugtraq/2019/Sep/35)
* [https://www.debian.org/security/2019/dsa-4527](https://www.debian.org/security/2019/dsa-4527)
* [https://seclists.org/bugtraq/2019/Sep/38](https://seclists.org/bugtraq/2019/Sep/38)
* [https://www.debian.org/security/2019/dsa-4529](https://www.debian.org/security/2019/dsa-4529)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BY2XUUAN277LS7HKAOGL4DVGAELOJV3/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NFXYNCXZCPYT7ZN4ZLI5EPQQW44FRRO/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WN2HLPGEZEF4MFM5YC5FILZB5QEQFP3A/)

Signalée 03/05/2019

CVE-2019-11036

critical Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=78069](https://bugs.php.net/bug.php?id=78069)
* [http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html](http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://seclists.org/bugtraq/2019/Sep/35](https://seclists.org/bugtraq/2019/Sep/35)
* [https://www.debian.org/security/2019/dsa-4527](https://www.debian.org/security/2019/dsa-4527)
* [https://seclists.org/bugtraq/2019/Sep/38](https://seclists.org/bugtraq/2019/Sep/38)
* [https://www.debian.org/security/2019/dsa-4529](https://www.debian.org/security/2019/dsa-4529)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 19/06/2019

CVE-2019-11039

critical When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=77988](https://bugs.php.net/bug.php?id=77988)
* [http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html](http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00029.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://seclists.org/bugtraq/2019/Sep/35](https://seclists.org/bugtraq/2019/Sep/35)
* [https://www.debian.org/security/2019/dsa-4527](https://www.debian.org/security/2019/dsa-4527)
* [https://seclists.org/bugtraq/2019/Sep/38](https://seclists.org/bugtraq/2019/Sep/38)
* [https://www.debian.org/security/2019/dsa-4529](https://www.debian.org/security/2019/dsa-4529)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 19/06/2019

CVE-2019-11040

critical In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

* [https://github.com/neex/phuip-fpizdam](https://github.com/neex/phuip-fpizdam)
* [https://bugs.php.net/bug.php?id=78599](https://bugs.php.net/bug.php?id=78599)
* [https://usn.ubuntu.com/4166-1/](https://usn.ubuntu.com/4166-1/)
* [https://usn.ubuntu.com/4166-2/](https://usn.ubuntu.com/4166-2/)
* [https://www.debian.org/security/2019/dsa-4553](https://www.debian.org/security/2019/dsa-4553)
* [https://www.debian.org/security/2019/dsa-4552](https://www.debian.org/security/2019/dsa-4552)
* [https://security.netapp.com/advisory/ntap-20191031-0003/](https://security.netapp.com/advisory/ntap-20191031-0003/)
* [https://access.redhat.com/errata/RHSA-2019:3287](https://access.redhat.com/errata/RHSA-2019:3287)
* [https://access.redhat.com/errata/RHSA-2019:3286](https://access.redhat.com/errata/RHSA-2019:3286)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://access.redhat.com/errata/RHSA-2019:3300](https://access.redhat.com/errata/RHSA-2019:3300)
* [http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html)
* [https://access.redhat.com/errata/RHSA-2019:3724](https://access.redhat.com/errata/RHSA-2019:3724)
* [https://access.redhat.com/errata/RHSA-2019:3735](https://access.redhat.com/errata/RHSA-2019:3735)
* [https://access.redhat.com/errata/RHSA-2019:3736](https://access.redhat.com/errata/RHSA-2019:3736)
* [https://www.synology.com/security/advisory/Synology_SA_19_36](https://www.synology.com/security/advisory/Synology_SA_19_36)
* [http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html](http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html)
* [https://support.apple.com/kb/HT210919](https://support.apple.com/kb/HT210919)
* [https://seclists.org/bugtraq/2020/Jan/44](https://seclists.org/bugtraq/2020/Jan/44)
* [http://seclists.org/fulldisclosure/2020/Jan/40](http://seclists.org/fulldisclosure/2020/Jan/40)
* [https://access.redhat.com/errata/RHSA-2020:0322](https://access.redhat.com/errata/RHSA-2020:0322)
* [http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html](http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/)

Signalée 28/10/2019

CVE-2019-11043

critical A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

* [https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55](https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55)
* [https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html](https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html)
* [https://usn.ubuntu.com/4088-1/](https://usn.ubuntu.com/4088-1/)
* [https://support.f5.com/csp/article/K00103182](https://support.f5.com/csp/article/K00103182)
* [https://security.gentoo.org/glsa/201911-03](https://security.gentoo.org/glsa/201911-03)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNL26OZSQRVLEO6JRNUVIMZTICXBNEQW/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWCPDTZOIUKGMFAD5NAKUB7FPJFAIQN5/)
* [https://support.f5.com/csp/article/K00103182?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K00103182?utm_source=f5support&amp%3Butm_medium=RSS)

Signalée 10/07/2019

CVE-2019-13224

critical An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.

* [https://bugs.php.net/bug.php?id=77249](https://bugs.php.net/bug.php?id=77249)
* [https://bugs.php.net/bug.php?id=77242](https://bugs.php.net/bug.php?id=77242)
* [http://www.securityfocus.com/bid/107156](http://www.securityfocus.com/bid/107156)
* [https://www.debian.org/security/2019/dsa-4398](https://www.debian.org/security/2019/dsa-4398)
* [https://usn.ubuntu.com/3902-1/](https://usn.ubuntu.com/3902-1/)
* [https://usn.ubuntu.com/3902-2/](https://usn.ubuntu.com/3902-2/)
* [https://security.netapp.com/advisory/ntap-20190321-0001/](https://security.netapp.com/advisory/ntap-20190321-0001/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 22/02/2019

CVE-2019-9020

critical An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.

* [https://bugs.php.net/bug.php?id=77247](https://bugs.php.net/bug.php?id=77247)
* [http://www.securityfocus.com/bid/107156](http://www.securityfocus.com/bid/107156)
* [http://www.securityfocus.com/bid/106747](http://www.securityfocus.com/bid/106747)
* [https://www.debian.org/security/2019/dsa-4398](https://www.debian.org/security/2019/dsa-4398)
* [https://usn.ubuntu.com/3902-1/](https://usn.ubuntu.com/3902-1/)
* [https://usn.ubuntu.com/3902-2/](https://usn.ubuntu.com/3902-2/)
* [https://security.netapp.com/advisory/ntap-20190321-0001/](https://security.netapp.com/advisory/ntap-20190321-0001/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 22/02/2019

CVE-2019-9021

critical An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

* [https://bugs.php.net/bug.php?id=77418](https://bugs.php.net/bug.php?id=77418)
* [https://bugs.php.net/bug.php?id=77394](https://bugs.php.net/bug.php?id=77394)
* [https://bugs.php.net/bug.php?id=77385](https://bugs.php.net/bug.php?id=77385)
* [https://bugs.php.net/bug.php?id=77382](https://bugs.php.net/bug.php?id=77382)
* [https://bugs.php.net/bug.php?id=77381](https://bugs.php.net/bug.php?id=77381)
* [https://bugs.php.net/bug.php?id=77371](https://bugs.php.net/bug.php?id=77371)
* [https://bugs.php.net/bug.php?id=77370](https://bugs.php.net/bug.php?id=77370)
* [http://www.securityfocus.com/bid/107156](http://www.securityfocus.com/bid/107156)
* [https://www.debian.org/security/2019/dsa-4398](https://www.debian.org/security/2019/dsa-4398)
* [https://usn.ubuntu.com/3902-1/](https://usn.ubuntu.com/3902-1/)
* [https://usn.ubuntu.com/3902-2/](https://usn.ubuntu.com/3902-2/)
* [https://security.netapp.com/advisory/ntap-20190321-0001/](https://security.netapp.com/advisory/ntap-20190321-0001/)
* [https://support.f5.com/csp/article/K06372014](https://support.f5.com/csp/article/K06372014)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 22/02/2019

CVE-2019-9023

critical An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

* [https://bugs.php.net/bug.php?id=77509](https://bugs.php.net/bug.php?id=77509)
* [https://www.debian.org/security/2019/dsa-4403](https://www.debian.org/security/2019/dsa-4403)
* [https://usn.ubuntu.com/3922-1/](https://usn.ubuntu.com/3922-1/)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html)
* [https://usn.ubuntu.com/3922-2/](https://usn.ubuntu.com/3922-2/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html)
* [https://usn.ubuntu.com/3922-3/](https://usn.ubuntu.com/3922-3/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [https://security.netapp.com/advisory/ntap-20190502-0007/](https://security.netapp.com/advisory/ntap-20190502-0007/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)

Signalée 09/03/2019

CVE-2019-9641

critical When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=79099](https://bugs.php.net/bug.php?id=79099)
* [https://seclists.org/bugtraq/2020/Feb/27](https://seclists.org/bugtraq/2020/Feb/27)
* [https://www.debian.org/security/2020/dsa-4626](https://www.debian.org/security/2020/dsa-4626)
* [https://usn.ubuntu.com/4279-1/](https://usn.ubuntu.com/4279-1/)
* [https://seclists.org/bugtraq/2020/Feb/31](https://seclists.org/bugtraq/2020/Feb/31)
* [https://www.debian.org/security/2020/dsa-4628](https://www.debian.org/security/2020/dsa-4628)
* [https://security.netapp.com/advisory/ntap-20200221-0002/](https://security.netapp.com/advisory/ntap-20200221-0002/)
* [https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html](https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html)
* [http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html](http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html)
* [https://security.gentoo.org/glsa/202003-57](https://security.gentoo.org/glsa/202003-57)
* [https://www.oracle.com/security-alerts/cpujul2020.html](https://www.oracle.com/security-alerts/cpujul2020.html)
* [https://seclists.org/bugtraq/2021/Jan/3](https://seclists.org/bugtraq/2021/Jan/3)
* [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 10/02/2020

CVE-2020-7059

critical When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=79037](https://bugs.php.net/bug.php?id=79037)
* [https://seclists.org/bugtraq/2020/Feb/27](https://seclists.org/bugtraq/2020/Feb/27)
* [https://www.debian.org/security/2020/dsa-4626](https://www.debian.org/security/2020/dsa-4626)
* [https://usn.ubuntu.com/4279-1/](https://usn.ubuntu.com/4279-1/)
* [https://seclists.org/bugtraq/2020/Feb/31](https://seclists.org/bugtraq/2020/Feb/31)
* [https://www.debian.org/security/2020/dsa-4628](https://www.debian.org/security/2020/dsa-4628)
* [https://security.netapp.com/advisory/ntap-20200221-0002/](https://security.netapp.com/advisory/ntap-20200221-0002/)
* [https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html](https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html)
* [http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html](http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html)
* [https://security.gentoo.org/glsa/202003-57](https://security.gentoo.org/glsa/202003-57)
* [https://www.oracle.com/security-alerts/cpujul2020.html](https://www.oracle.com/security-alerts/cpujul2020.html)
* [https://seclists.org/bugtraq/2021/Jan/3](https://seclists.org/bugtraq/2021/Jan/3)
* [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 10/02/2020

CVE-2020-7060

critical In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=79171](https://bugs.php.net/bug.php?id=79171)
* [https://security.gentoo.org/glsa/202003-57](https://security.gentoo.org/glsa/202003-57)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 27/02/2020

CVE-2020-7061

critical The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

* [https://news.ycombinator.com/item?id=33281106](https://news.ycombinator.com/item?id=33281106)
* [https://csrc.nist.gov/projects/hash-functions/sha-3-project](https://csrc.nist.gov/projects/hash-functions/sha-3-project)
* [https://mouha.be/sha-3-buffer-overflow/](https://mouha.be/sha-3-buffer-overflow/)
* [https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658](https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658)
* [https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html](https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html)
* [https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html](https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html)
* [https://www.debian.org/security/2022/dsa-5267](https://www.debian.org/security/2022/dsa-5267)
* [https://www.debian.org/security/2022/dsa-5269](https://www.debian.org/security/2022/dsa-5269)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/)
* [https://eprint.iacr.org/2023/331](https://eprint.iacr.org/2023/331)
* [https://news.ycombinator.com/item?id=35050307](https://news.ycombinator.com/item?id=35050307)
* [https://security.gentoo.org/glsa/202305-02](https://security.gentoo.org/glsa/202305-02)

Signalée 21/10/2022

CVE-2022-37454

critical In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

* [https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv](https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv)
* [https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html](https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html)
* [https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/](https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/)
* [https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/](https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/)
* [https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/](https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/)
* [https://github.com/11whoami99/CVE-2024-4577](https://github.com/11whoami99/CVE-2024-4577)
* [https://github.com/xcanwin/CVE-2024-4577-PHP-RCE](https://github.com/xcanwin/CVE-2024-4577-PHP-RCE)
* [https://github.com/rapid7/metasploit-framework/pull/19247](https://github.com/rapid7/metasploit-framework/pull/19247)
* [https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/](https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/)
* [https://github.com/watchtowrlabs/CVE-2024-4577](https://github.com/watchtowrlabs/CVE-2024-4577)
* [https://www.php.net/ChangeLog-8.php#8.1.29](https://www.php.net/ChangeLog-8.php#8.1.29)
* [https://www.php.net/ChangeLog-8.php#8.2.20](https://www.php.net/ChangeLog-8.php#8.2.20)
* [https://www.php.net/ChangeLog-8.php#8.3.8](https://www.php.net/ChangeLog-8.php#8.3.8)
* [https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately](https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately)
* [https://isc.sans.edu/diary/30994](https://isc.sans.edu/diary/30994)
* [http://www.openwall.com/lists/oss-security/2024/06/07/1](http://www.openwall.com/lists/oss-security/2024/06/07/1)
* [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/)
* [https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/)
* [https://security.netapp.com/advisory/ntap-20240621-0008/](https://security.netapp.com/advisory/ntap-20240621-0008/)

Signalée 09/06/2024

CVE-2024-4577

high An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

* [https://bugs.php.net/bug.php?id=76249](https://bugs.php.net/bug.php?id=76249)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://www.securityfocus.com/bid/104019](http://www.securityfocus.com/bid/104019)
* [http://www.securitytracker.com/id/1040807](http://www.securitytracker.com/id/1040807)
* [https://usn.ubuntu.com/3646-1/](https://usn.ubuntu.com/3646-1/)
* [https://security.netapp.com/advisory/ntap-20180607-0003/](https://security.netapp.com/advisory/ntap-20180607-0003/)
* [https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html](https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
* [https://www.debian.org/security/2018/dsa-4240](https://www.debian.org/security/2018/dsa-4240)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://security.gentoo.org/glsa/201812-01](https://security.gentoo.org/glsa/201812-01)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 29/04/2018

CVE-2018-10546

high An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

* [https://bugs.php.net/bug.php?id=76248](https://bugs.php.net/bug.php?id=76248)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://www.securityfocus.com/bid/104019](http://www.securityfocus.com/bid/104019)
* [http://www.securitytracker.com/id/1040807](http://www.securitytracker.com/id/1040807)
* [https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html](https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html)
* [https://usn.ubuntu.com/3646-1/](https://usn.ubuntu.com/3646-1/)
* [https://usn.ubuntu.com/3646-2/](https://usn.ubuntu.com/3646-2/)
* [https://security.netapp.com/advisory/ntap-20180607-0003/](https://security.netapp.com/advisory/ntap-20180607-0003/)
* [https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html](https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
* [https://www.debian.org/security/2018/dsa-4240](https://www.debian.org/security/2018/dsa-4240)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://security.gentoo.org/glsa/201812-01](https://security.gentoo.org/glsa/201812-01)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://www.tenable.com/security/tns-2019-07](https://www.tenable.com/security/tns-2019-07)

Signalée 29/04/2018

CVE-2018-10548

high An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

* [https://bugs.php.net/bug.php?id=76130](https://bugs.php.net/bug.php?id=76130)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://www.securityfocus.com/bid/104019](http://www.securityfocus.com/bid/104019)
* [https://www.synology.com/support/security/Synology_SA_18_20](https://www.synology.com/support/security/Synology_SA_18_20)
* [http://www.securitytracker.com/id/1040807](http://www.securitytracker.com/id/1040807)
* [https://usn.ubuntu.com/3646-1/](https://usn.ubuntu.com/3646-1/)
* [https://security.netapp.com/advisory/ntap-20180607-0003/](https://security.netapp.com/advisory/ntap-20180607-0003/)
* [https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html](https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
* [https://www.debian.org/security/2018/dsa-4240](https://www.debian.org/security/2018/dsa-4240)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://security.gentoo.org/glsa/201812-01](https://security.gentoo.org/glsa/201812-01)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 29/04/2018

CVE-2018-10549

high An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

* [https://bugs.php.net/bug.php?id=76423](https://bugs.php.net/bug.php?id=76423)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html](https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html)
* [https://usn.ubuntu.com/3766-1/](https://usn.ubuntu.com/3766-1/)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://usn.ubuntu.com/3766-2/](https://usn.ubuntu.com/3766-2/)
* [http://www.securityfocus.com/bid/104871](http://www.securityfocus.com/bid/104871)
* [https://security.netapp.com/advisory/ntap-20181107-0003/](https://security.netapp.com/advisory/ntap-20181107-0003/)
* [https://www.debian.org/security/2018/dsa-4353](https://www.debian.org/security/2018/dsa-4353)

Signalée 03/08/2018

CVE-2018-14883

high An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

* [https://bugs.php.net/bug.php?id=75535](https://bugs.php.net/bug.php?id=75535)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [https://security.netapp.com/advisory/ntap-20181107-0003/](https://security.netapp.com/advisory/ntap-20181107-0003/)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 03/08/2018

CVE-2018-14884

high An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.

* [https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4](https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4)
* [https://bugs.php.net/bug.php?id=76459](https://bugs.php.net/bug.php?id=76459)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://security.netapp.com/advisory/ntap-20181107-0003/](https://security.netapp.com/advisory/ntap-20181107-0003/)

Signalée 07/08/2018

CVE-2018-15132

high University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.

* [https://www.openwall.com/lists/oss-security/2018/11/22/3](https://www.openwall.com/lists/oss-security/2018/11/22/3)
* [https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php](https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php)
* [https://bugs.php.net/bug.php?id=77160](https://bugs.php.net/bug.php?id=77160)
* [https://bugs.php.net/bug.php?id=77153](https://bugs.php.net/bug.php?id=77153)
* [https://bugs.php.net/bug.php?id=76428](https://bugs.php.net/bug.php?id=76428)
* [https://bugs.debian.org/913836](https://bugs.debian.org/913836)
* [https://bugs.debian.org/913835](https://bugs.debian.org/913835)
* [https://bugs.debian.org/913775](https://bugs.debian.org/913775)
* [https://antichat.com/threads/463395/#post-4254681](https://antichat.com/threads/463395/#post-4254681)
* [http://www.securitytracker.com/id/1042157](http://www.securitytracker.com/id/1042157)
* [http://www.securityfocus.com/bid/106018](http://www.securityfocus.com/bid/106018)
* [https://www.exploit-db.com/exploits/45914/](https://www.exploit-db.com/exploits/45914/)
* [https://www.debian.org/security/2018/dsa-4353](https://www.debian.org/security/2018/dsa-4353)
* [https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html](https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html)
* [https://security.netapp.com/advisory/ntap-20181221-0004/](https://security.netapp.com/advisory/ntap-20181221-0004/)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00001.html)
* [https://usn.ubuntu.com/4160-1/](https://usn.ubuntu.com/4160-1/)
* [https://security.gentoo.org/glsa/202003-57](https://security.gentoo.org/glsa/202003-57)
* [https://lists.debian.org/debian-lts-announce/2021/12/msg00031.html](https://lists.debian.org/debian-lts-announce/2021/12/msg00031.html)
* [https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5bfea64c81ae34816479bb05d17cdffe45adddb](https://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e5bfea64c81ae34816479bb05d17cdffe45adddb)

Signalée 25/11/2018

CVE-2018-19518

high ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

* [https://bugs.php.net/bug.php?id=77020](https://bugs.php.net/bug.php?id=77020)
* [http://www.securityfocus.com/bid/106143](http://www.securityfocus.com/bid/106143)
* [https://www.debian.org/security/2018/dsa-4353](https://www.debian.org/security/2018/dsa-4353)
* [https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html](https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html)
* [https://security.netapp.com/advisory/ntap-20181221-0003/](https://security.netapp.com/advisory/ntap-20181221-0003/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)

Signalée 07/12/2018

CVE-2018-19935

high In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.

* [https://bugs.php.net/bug.php?id=77143](https://bugs.php.net/bug.php?id=77143)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [https://usn.ubuntu.com/3566-2/](https://usn.ubuntu.com/3566-2/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 21/02/2019

CVE-2018-20783

high When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=78222](https://bugs.php.net/bug.php?id=78222)
* [https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html](https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html)
* [https://usn.ubuntu.com/4097-2/](https://usn.ubuntu.com/4097-2/)
* [https://usn.ubuntu.com/4097-1/](https://usn.ubuntu.com/4097-1/)
* [https://security.netapp.com/advisory/ntap-20190822-0003/](https://security.netapp.com/advisory/ntap-20190822-0003/)
* [https://seclists.org/bugtraq/2019/Sep/35](https://seclists.org/bugtraq/2019/Sep/35)
* [https://www.debian.org/security/2019/dsa-4527](https://www.debian.org/security/2019/dsa-4527)
* [https://seclists.org/bugtraq/2019/Sep/38](https://seclists.org/bugtraq/2019/Sep/38)
* [https://www.debian.org/security/2019/dsa-4529](https://www.debian.org/security/2019/dsa-4529)
* [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html)
* [https://support.apple.com/kb/HT210634](https://support.apple.com/kb/HT210634)
* [https://seclists.org/bugtraq/2019/Oct/9](https://seclists.org/bugtraq/2019/Oct/9)
* [http://seclists.org/fulldisclosure/2019/Oct/15](http://seclists.org/fulldisclosure/2019/Oct/15)
* [http://seclists.org/fulldisclosure/2019/Oct/55](http://seclists.org/fulldisclosure/2019/Oct/55)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://support.apple.com/kb/HT210722](https://support.apple.com/kb/HT210722)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 09/08/2019

CVE-2019-11041

high When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=78256](https://bugs.php.net/bug.php?id=78256)
* [https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html](https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html)
* [https://usn.ubuntu.com/4097-2/](https://usn.ubuntu.com/4097-2/)
* [https://usn.ubuntu.com/4097-1/](https://usn.ubuntu.com/4097-1/)
* [https://security.netapp.com/advisory/ntap-20190822-0003/](https://security.netapp.com/advisory/ntap-20190822-0003/)
* [https://seclists.org/bugtraq/2019/Sep/35](https://seclists.org/bugtraq/2019/Sep/35)
* [https://www.debian.org/security/2019/dsa-4527](https://www.debian.org/security/2019/dsa-4527)
* [https://seclists.org/bugtraq/2019/Sep/38](https://seclists.org/bugtraq/2019/Sep/38)
* [https://www.debian.org/security/2019/dsa-4529](https://www.debian.org/security/2019/dsa-4529)
* [http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00019.html)
* [https://support.apple.com/kb/HT210634](https://support.apple.com/kb/HT210634)
* [https://seclists.org/bugtraq/2019/Oct/9](https://seclists.org/bugtraq/2019/Oct/9)
* [http://seclists.org/fulldisclosure/2019/Oct/15](http://seclists.org/fulldisclosure/2019/Oct/15)
* [http://seclists.org/fulldisclosure/2019/Oct/55](http://seclists.org/fulldisclosure/2019/Oct/55)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://support.apple.com/kb/HT210722](https://support.apple.com/kb/HT210722)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 09/08/2019

CVE-2019-11042

high In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

* [https://bugs.php.net/bug.php?id=78862](https://bugs.php.net/bug.php?id=78862)
* [https://security.netapp.com/advisory/ntap-20200103-0002/](https://security.netapp.com/advisory/ntap-20200103-0002/)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/)

Signalée 23/12/2019

CVE-2019-11044

high gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.

* [https://bugs.php.net/bug.php?id=77270](https://bugs.php.net/bug.php?id=77270)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://www.securityfocus.com/bid/106731](http://www.securityfocus.com/bid/106731)
* [https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html](https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html)
* [https://www.debian.org/security/2019/dsa-4384](https://www.debian.org/security/2019/dsa-4384)
* [https://usn.ubuntu.com/3900-1/](https://usn.ubuntu.com/3900-1/)
* [https://security.netapp.com/advisory/ntap-20190315-0003/](https://security.netapp.com/advisory/ntap-20190315-0003/)
* [https://security.gentoo.org/glsa/201903-18](https://security.gentoo.org/glsa/201903-18)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00031.html)
* [http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html](http://packetstormsecurity.com/files/152459/PHP-7.2-imagecolormatch-Out-Of-Band-Heap-Write.html)
* [https://www.exploit-db.com/exploits/46677/](https://www.exploit-db.com/exploits/46677/)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEYUUOW75YD3DENIPYMO263E6NL2NFHI/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3WRUPZVT2MWFUEMVGTRAGDOBHLNMGK5R/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TTXSLRZI5BCQT3H5KALG3DHUWUMNPDX2/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/)

Signalée 27/01/2019

CVE-2019-6977

high An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.

* [https://bugs.php.net/bug.php?id=77369](https://bugs.php.net/bug.php?id=77369)
* [https://www.debian.org/security/2019/dsa-4398](https://www.debian.org/security/2019/dsa-4398)
* [https://usn.ubuntu.com/3902-1/](https://usn.ubuntu.com/3902-1/)
* [https://security.netapp.com/advisory/ntap-20190321-0001/](https://security.netapp.com/advisory/ntap-20190321-0001/)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html)
* [https://usn.ubuntu.com/3922-2/](https://usn.ubuntu.com/3922-2/)
* [https://usn.ubuntu.com/3922-3/](https://usn.ubuntu.com/3922-3/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://www.tenable.com/security/tns-2019-07](https://www.tenable.com/security/tns-2019-07)

Signalée 22/02/2019

CVE-2019-9022

high An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

* [https://bugs.php.net/bug.php?id=77380](https://bugs.php.net/bug.php?id=77380)
* [http://www.securityfocus.com/bid/107156](http://www.securityfocus.com/bid/107156)
* [https://www.debian.org/security/2019/dsa-4398](https://www.debian.org/security/2019/dsa-4398)
* [https://usn.ubuntu.com/3902-1/](https://usn.ubuntu.com/3902-1/)
* [https://usn.ubuntu.com/3902-2/](https://usn.ubuntu.com/3902-2/)
* [https://security.netapp.com/advisory/ntap-20190321-0001/](https://security.netapp.com/advisory/ntap-20190321-0001/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 22/02/2019

CVE-2019-9024

high An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

* [https://bugs.php.net/bug.php?id=77630](https://bugs.php.net/bug.php?id=77630)
* [https://www.debian.org/security/2019/dsa-4403](https://www.debian.org/security/2019/dsa-4403)
* [https://usn.ubuntu.com/3922-1/](https://usn.ubuntu.com/3922-1/)
* [https://support.f5.com/csp/article/K53825211](https://support.f5.com/csp/article/K53825211)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html)
* [https://usn.ubuntu.com/3922-2/](https://usn.ubuntu.com/3922-2/)
* [https://usn.ubuntu.com/3922-3/](https://usn.ubuntu.com/3922-3/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [https://security.netapp.com/advisory/ntap-20190502-0007/](https://security.netapp.com/advisory/ntap-20190502-0007/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [https://www.tenable.com/security/tns-2019-07](https://www.tenable.com/security/tns-2019-07)

Signalée 09/03/2019

CVE-2019-9637

high An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

* [https://bugs.php.net/bug.php?id=77563](https://bugs.php.net/bug.php?id=77563)
* [https://www.debian.org/security/2019/dsa-4403](https://www.debian.org/security/2019/dsa-4403)
* [https://usn.ubuntu.com/3922-1/](https://usn.ubuntu.com/3922-1/)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html)
* [https://usn.ubuntu.com/3922-2/](https://usn.ubuntu.com/3922-2/)
* [https://usn.ubuntu.com/3922-3/](https://usn.ubuntu.com/3922-3/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [https://security.netapp.com/advisory/ntap-20190502-0007/](https://security.netapp.com/advisory/ntap-20190502-0007/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 09/03/2019

CVE-2019-9638

high An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

* [https://bugs.php.net/bug.php?id=77659](https://bugs.php.net/bug.php?id=77659)
* [https://www.debian.org/security/2019/dsa-4403](https://www.debian.org/security/2019/dsa-4403)
* [https://usn.ubuntu.com/3922-1/](https://usn.ubuntu.com/3922-1/)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html)
* [https://usn.ubuntu.com/3922-2/](https://usn.ubuntu.com/3922-2/)
* [https://usn.ubuntu.com/3922-3/](https://usn.ubuntu.com/3922-3/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [https://security.netapp.com/advisory/ntap-20190502-0007/](https://security.netapp.com/advisory/ntap-20190502-0007/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 09/03/2019

CVE-2019-9639

high An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

* [https://bugs.php.net/bug.php?id=77540](https://bugs.php.net/bug.php?id=77540)
* [https://www.debian.org/security/2019/dsa-4403](https://www.debian.org/security/2019/dsa-4403)
* [https://usn.ubuntu.com/3922-1/](https://usn.ubuntu.com/3922-1/)
* [https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html](https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html)
* [https://usn.ubuntu.com/3922-2/](https://usn.ubuntu.com/3922-2/)
* [https://usn.ubuntu.com/3922-3/](https://usn.ubuntu.com/3922-3/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html](http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html)
* [https://security.netapp.com/advisory/ntap-20190502-0007/](https://security.netapp.com/advisory/ntap-20190502-0007/)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html)
* [http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)

Signalée 09/03/2019

CVE-2019-9640

high In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

* [https://bugs.php.net/bug.php?id=79221](https://bugs.php.net/bug.php?id=79221)
* [http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html](http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html)
* [https://security.gentoo.org/glsa/202003-57](https://security.gentoo.org/glsa/202003-57)
* [https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html](https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html)
* [https://usn.ubuntu.com/4330-1/](https://usn.ubuntu.com/4330-1/)
* [https://www.debian.org/security/2020/dsa-4717](https://www.debian.org/security/2020/dsa-4717)
* [https://www.debian.org/security/2020/dsa-4719](https://www.debian.org/security/2020/dsa-4719)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 27/02/2020

CVE-2020-7062

high In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

* [https://bugs.php.net/bug.php?id=79465](https://bugs.php.net/bug.php?id=79465)
* [https://security.netapp.com/advisory/ntap-20200504-0001/](https://security.netapp.com/advisory/ntap-20200504-0001/)
* [https://www.debian.org/security/2020/dsa-4717](https://www.debian.org/security/2020/dsa-4717)
* [https://www.debian.org/security/2020/dsa-4719](https://www.debian.org/security/2020/dsa-4719)
* [https://www.oracle.com/security-alerts/cpuoct2020.html](https://www.oracle.com/security-alerts/cpuoct2020.html)
* [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 27/04/2020

CVE-2020-7067

medium The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

* [http://www.acid-root.new.fr/advisories/14070612.txt](http://www.acid-root.new.fr/advisories/14070612.txt)
* [http://securityreason.com/securityalert/2800](http://securityreason.com/securityalert/2800)
* [http://osvdb.org/39834](http://osvdb.org/39834)
* [https://exchange.xforce.ibmcloud.com/vulnerabilities/34836](https://exchange.xforce.ibmcloud.com/vulnerabilities/34836)
* [http://www.securityfocus.com/archive/1/471275/100/0/threaded](http://www.securityfocus.com/archive/1/471275/100/0/threaded)
* [http://www.securityfocus.com/archive/1/471204/100/0/threaded](http://www.securityfocus.com/archive/1/471204/100/0/threaded)
* [http://www.securityfocus.com/archive/1/471178/100/0/threaded](http://www.securityfocus.com/archive/1/471178/100/0/threaded)

Signalée 13/06/2007

CVE-2007-3205

medium An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.

* [https://bugs.php.net/bug.php?id=75968](https://bugs.php.net/bug.php?id=75968)
* [https://bugs.php.net/bug.php?id=70185](https://bugs.php.net/bug.php?id=70185)
* [https://www.futureweb.at/security/CVE-2015-9253/](https://www.futureweb.at/security/CVE-2015-9253/)
* [https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8](https://github.com/php/php-src/commit/69dee5c732fe982c82edb17d0dbc3e79a47748d8)
* [https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287](https://bugs.php.net/bug.php?id=73342https://github.com/php/php-src/pull/3287)
* [https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22](https://github.com/php/php-src/blob/PHP-7.1.20/NEWS#L20-L22)
* [https://usn.ubuntu.com/3766-1/](https://usn.ubuntu.com/3766-1/)
* [https://usn.ubuntu.com/4279-1/](https://usn.ubuntu.com/4279-1/)

Signalée 19/02/2018

CVE-2015-9253

medium An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.

* [https://bugs.php.net/bug.php?id=75605](https://bugs.php.net/bug.php?id=75605)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://www.securityfocus.com/bid/104022](http://www.securityfocus.com/bid/104022)
* [https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html](https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html)
* [https://usn.ubuntu.com/3646-1/](https://usn.ubuntu.com/3646-1/)
* [https://usn.ubuntu.com/3646-2/](https://usn.ubuntu.com/3646-2/)
* [https://security.netapp.com/advisory/ntap-20180607-0003/](https://security.netapp.com/advisory/ntap-20180607-0003/)
* [https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html](https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
* [https://www.debian.org/security/2018/dsa-4240](https://www.debian.org/security/2018/dsa-4240)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://security.gentoo.org/glsa/201812-01](https://security.gentoo.org/glsa/201812-01)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 29/04/2018

CVE-2018-10545

medium An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.

* [https://bugs.php.net/bug.php?id=76129](https://bugs.php.net/bug.php?id=76129)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [http://www.securitytracker.com/id/1040807](http://www.securitytracker.com/id/1040807)
* [https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html](https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html)
* [https://usn.ubuntu.com/3646-1/](https://usn.ubuntu.com/3646-1/)
* [https://usn.ubuntu.com/3646-2/](https://usn.ubuntu.com/3646-2/)
* [https://security.netapp.com/advisory/ntap-20180607-0003/](https://security.netapp.com/advisory/ntap-20180607-0003/)
* [https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html](https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html)
* [https://www.debian.org/security/2018/dsa-4240](https://www.debian.org/security/2018/dsa-4240)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 29/04/2018

CVE-2018-10547

medium exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

* [https://bugs.php.net/bug.php?id=76557](https://bugs.php.net/bug.php?id=76557)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html](https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html)
* [https://usn.ubuntu.com/3766-1/](https://usn.ubuntu.com/3766-1/)
* [https://www.tenable.com/security/tns-2018-12](https://www.tenable.com/security/tns-2018-12)
* [https://usn.ubuntu.com/3766-2/](https://usn.ubuntu.com/3766-2/)
* [http://www.securityfocus.com/bid/104871](http://www.securityfocus.com/bid/104871)
* [https://security.netapp.com/advisory/ntap-20181107-0003/](https://security.netapp.com/advisory/ntap-20181107-0003/)
* [https://www.debian.org/security/2018/dsa-4353](https://www.debian.org/security/2018/dsa-4353)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)

Signalée 02/08/2018

CVE-2018-14851

medium The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

* [https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e](https://github.com/php/php-src/commit/23b057742e3cf199612fa8050ae86cae675e214e)
* [https://bugs.php.net/bug.php?id=76582](https://bugs.php.net/bug.php?id=76582)
* [http://php.net/ChangeLog-7.php](http://php.net/ChangeLog-7.php)
* [http://php.net/ChangeLog-5.php](http://php.net/ChangeLog-5.php)
* [https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html](https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html)
* [https://security.netapp.com/advisory/ntap-20180924-0001/](https://security.netapp.com/advisory/ntap-20180924-0001/)
* [https://security.gentoo.org/glsa/201812-01](https://security.gentoo.org/glsa/201812-01)
* [https://www.debian.org/security/2018/dsa-4353](https://www.debian.org/security/2018/dsa-4353)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://www.tenable.com/security/tns-2019-07](https://www.tenable.com/security/tns-2019-07)

Signalée 16/09/2018

CVE-2018-17082

medium When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code.

* [https://bugs.php.net/bug.php?id=77973](https://bugs.php.net/bug.php?id=77973)
* [https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html](https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html)
* [https://bugzilla.redhat.com/show_bug.cgi?id=1724149](https://bugzilla.redhat.com/show_bug.cgi?id=1724149)
* [https://bugzilla.suse.com/show_bug.cgi?id=1140120](https://bugzilla.suse.com/show_bug.cgi?id=1140120)
* [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929821)
* [https://github.com/libgd/libgd/issues/501](https://github.com/libgd/libgd/issues/501)
* [https://bugzilla.redhat.com/show_bug.cgi?id=1724432](https://bugzilla.redhat.com/show_bug.cgi?id=1724432)
* [https://bugzilla.suse.com/show_bug.cgi?id=1140118](https://bugzilla.suse.com/show_bug.cgi?id=1140118)
* [https://access.redhat.com/errata/RHSA-2019:2519](https://access.redhat.com/errata/RHSA-2019:2519)
* [https://seclists.org/bugtraq/2019/Sep/38](https://seclists.org/bugtraq/2019/Sep/38)
* [https://www.debian.org/security/2019/dsa-4529](https://www.debian.org/security/2019/dsa-4529)
* [https://access.redhat.com/errata/RHSA-2019:3299](https://access.redhat.com/errata/RHSA-2019:3299)
* [http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html](http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00020.html)
* [https://usn.ubuntu.com/4316-2/](https://usn.ubuntu.com/4316-2/)
* [https://usn.ubuntu.com/4316-1/](https://usn.ubuntu.com/4316-1/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKSSWFR2WPMUOIB5EN5ZM252NNEPYUTG/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAZBVK6XNYEIN7RDQXESSD63QHXPLKWL/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CZ2QADQTKRHTGB2AHD7J4QQNDLBEMM6/)

Signalée 19/06/2019

CVE-2019-11038

medium In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

* [https://bugs.php.net/bug.php?id=78863](https://bugs.php.net/bug.php?id=78863)
* [https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html](https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html)
* [https://security.netapp.com/advisory/ntap-20200103-0002/](https://security.netapp.com/advisory/ntap-20200103-0002/)
* [https://usn.ubuntu.com/4239-1/](https://usn.ubuntu.com/4239-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html)
* [https://seclists.org/bugtraq/2020/Feb/27](https://seclists.org/bugtraq/2020/Feb/27)
* [https://www.debian.org/security/2020/dsa-4626](https://www.debian.org/security/2020/dsa-4626)
* [https://seclists.org/bugtraq/2020/Feb/31](https://seclists.org/bugtraq/2020/Feb/31)
* [https://www.debian.org/security/2020/dsa-4628](https://www.debian.org/security/2020/dsa-4628)
* [https://seclists.org/bugtraq/2021/Jan/3](https://seclists.org/bugtraq/2021/Jan/3)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/)

Signalée 23/12/2019

CVE-2019-11045

medium In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.

* [https://bugs.php.net/bug.php?id=78878](https://bugs.php.net/bug.php?id=78878)
* [https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html](https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html)
* [https://security.netapp.com/advisory/ntap-20200103-0002/](https://security.netapp.com/advisory/ntap-20200103-0002/)
* [https://usn.ubuntu.com/4239-1/](https://usn.ubuntu.com/4239-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html)
* [https://seclists.org/bugtraq/2020/Feb/27](https://seclists.org/bugtraq/2020/Feb/27)
* [https://www.debian.org/security/2020/dsa-4626](https://www.debian.org/security/2020/dsa-4626)
* [https://seclists.org/bugtraq/2020/Feb/31](https://seclists.org/bugtraq/2020/Feb/31)
* [https://www.debian.org/security/2020/dsa-4628](https://www.debian.org/security/2020/dsa-4628)
* [https://seclists.org/bugtraq/2021/Jan/3](https://seclists.org/bugtraq/2021/Jan/3)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/)
* [https://support.f5.com/csp/article/K48866433?utm_source=f5support&amp%3Butm_medium=RSS](https://support.f5.com/csp/article/K48866433?utm_source=f5support&amp%3Butm_medium=RSS)

Signalée 23/12/2019

CVE-2019-11046

medium When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=78910](https://bugs.php.net/bug.php?id=78910)
* [https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html](https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html)
* [https://security.netapp.com/advisory/ntap-20200103-0002/](https://security.netapp.com/advisory/ntap-20200103-0002/)
* [https://usn.ubuntu.com/4239-1/](https://usn.ubuntu.com/4239-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html)
* [https://seclists.org/bugtraq/2020/Feb/27](https://seclists.org/bugtraq/2020/Feb/27)
* [https://www.debian.org/security/2020/dsa-4626](https://www.debian.org/security/2020/dsa-4626)
* [https://seclists.org/bugtraq/2020/Feb/31](https://seclists.org/bugtraq/2020/Feb/31)
* [https://www.debian.org/security/2020/dsa-4628](https://www.debian.org/security/2020/dsa-4628)
* [https://seclists.org/bugtraq/2021/Jan/3](https://seclists.org/bugtraq/2021/Jan/3)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/)

Signalée 23/12/2019

CVE-2019-11047

medium In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.

* [https://bugs.php.net/bug.php?id=78876](https://bugs.php.net/bug.php?id=78876)
* [https://bugs.php.net/bug.php?id=78875](https://bugs.php.net/bug.php?id=78875)
* [https://security.netapp.com/advisory/ntap-20200528-0006/](https://security.netapp.com/advisory/ntap-20200528-0006/)
* [https://usn.ubuntu.com/4375-1/](https://usn.ubuntu.com/4375-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00045.html](http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00045.html)
* [https://lists.debian.org/debian-lts-announce/2020/06/msg00033.html](https://lists.debian.org/debian-lts-announce/2020/06/msg00033.html)
* [https://www.debian.org/security/2020/dsa-4717](https://www.debian.org/security/2020/dsa-4717)
* [https://www.debian.org/security/2020/dsa-4719](https://www.debian.org/security/2020/dsa-4719)
* [https://www.oracle.com/security-alerts/cpuoct2020.html](https://www.oracle.com/security-alerts/cpuoct2020.html)
* [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBA3TFZSP3TB5N4G24SO6BI64RJZXE3D/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OBA3TFZSP3TB5N4G24SO6BI64RJZXE3D/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDUQ7XFONY3BWTAQQUD3QUGZT6NFZUF/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMDUQ7XFONY3BWTAQQUD3QUGZT6NFZUF/)

Signalée 20/05/2020

CVE-2019-11048

medium When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=78793](https://bugs.php.net/bug.php?id=78793)
* [https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html](https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html)
* [https://security.netapp.com/advisory/ntap-20200103-0002/](https://security.netapp.com/advisory/ntap-20200103-0002/)
* [https://usn.ubuntu.com/4239-1/](https://usn.ubuntu.com/4239-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html)
* [https://seclists.org/bugtraq/2020/Feb/27](https://seclists.org/bugtraq/2020/Feb/27)
* [https://www.debian.org/security/2020/dsa-4626](https://www.debian.org/security/2020/dsa-4626)
* [https://seclists.org/bugtraq/2020/Feb/31](https://seclists.org/bugtraq/2020/Feb/31)
* [https://www.debian.org/security/2020/dsa-4628](https://www.debian.org/security/2020/dsa-4628)
* [https://seclists.org/bugtraq/2021/Jan/3](https://seclists.org/bugtraq/2021/Jan/3)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/)

Signalée 23/12/2019

CVE-2019-11050

medium In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

* [https://bugs.php.net/bug.php?id=79082](https://bugs.php.net/bug.php?id=79082)
* [http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html](http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html)
* [https://security.gentoo.org/glsa/202003-57](https://security.gentoo.org/glsa/202003-57)
* [https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html](https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html)
* [https://usn.ubuntu.com/4330-1/](https://usn.ubuntu.com/4330-1/)
* [https://www.debian.org/security/2020/dsa-4717](https://www.debian.org/security/2020/dsa-4717)
* [https://www.debian.org/security/2020/dsa-4719](https://www.debian.org/security/2020/dsa-4719)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 27/02/2020

CVE-2020-7063

medium In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

* [https://bugs.php.net/bug.php?id=79282](https://bugs.php.net/bug.php?id=79282)
* [https://security.netapp.com/advisory/ntap-20200403-0001/](https://security.netapp.com/advisory/ntap-20200403-0001/)
* [https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html](https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html)
* [https://usn.ubuntu.com/4330-1/](https://usn.ubuntu.com/4330-1/)
* [https://usn.ubuntu.com/4330-2/](https://usn.ubuntu.com/4330-2/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html](http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html)
* [https://www.debian.org/security/2020/dsa-4717](https://www.debian.org/security/2020/dsa-4717)
* [https://www.debian.org/security/2020/dsa-4719](https://www.debian.org/security/2020/dsa-4719)
* [https://www.oracle.com/security-alerts/cpujan2021.html](https://www.oracle.com/security-alerts/cpujan2021.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 01/04/2020

CVE-2020-7064

medium In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

* [https://bugs.php.net/bug.php?id=79329](https://bugs.php.net/bug.php?id=79329)
* [https://security.netapp.com/advisory/ntap-20200403-0001/](https://security.netapp.com/advisory/ntap-20200403-0001/)
* [https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html](https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html)
* [https://usn.ubuntu.com/4330-2/](https://usn.ubuntu.com/4330-2/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html](http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html)
* [https://www.debian.org/security/2020/dsa-4717](https://www.debian.org/security/2020/dsa-4717)
* [https://www.debian.org/security/2020/dsa-4719](https://www.debian.org/security/2020/dsa-4719)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 01/04/2020

CVE-2020-7066

medium In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

* [https://bugs.php.net/bug.php?id=79601](https://bugs.php.net/bug.php?id=79601)
* [https://security.netapp.com/advisory/ntap-20201016-0001/](https://security.netapp.com/advisory/ntap-20201016-0001/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html](http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html)
* [https://usn.ubuntu.com/4583-1/](https://usn.ubuntu.com/4583-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html](http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html)
* [https://security.gentoo.org/glsa/202012-16](https://security.gentoo.org/glsa/202012-16)
* [https://www.debian.org/security/2021/dsa-4856](https://www.debian.org/security/2021/dsa-4856)
* [https://www.oracle.com/security-alerts/cpuApr2021.html](https://www.oracle.com/security-alerts/cpuApr2021.html)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://www.oracle.com/security-alerts/cpuoct2021.html](https://www.oracle.com/security-alerts/cpuoct2021.html)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/)

Signalée 02/10/2020

CVE-2020-7069

medium In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

* [https://bugs.php.net/bug.php?id=79699](https://bugs.php.net/bug.php?id=79699)
* [http://cve.circl.lu/cve/CVE-2020-8184](http://cve.circl.lu/cve/CVE-2020-8184)
* [https://hackerone.com/reports/895727](https://hackerone.com/reports/895727)
* [https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html](https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html)
* [https://security.netapp.com/advisory/ntap-20201016-0001/](https://security.netapp.com/advisory/ntap-20201016-0001/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html](http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html)
* [https://usn.ubuntu.com/4583-1/](https://usn.ubuntu.com/4583-1/)
* [http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html](http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html)
* [https://security.gentoo.org/glsa/202012-16](https://security.gentoo.org/glsa/202012-16)
* [https://www.debian.org/security/2021/dsa-4856](https://www.debian.org/security/2021/dsa-4856)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)
* [https://www.oracle.com/security-alerts/cpuoct2021.html](https://www.oracle.com/security-alerts/cpuoct2021.html)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/)

Signalée 02/10/2020

CVE-2020-7070

medium In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

* [https://bugs.php.net/bug.php?id=81726](https://bugs.php.net/bug.php?id=81726)
* [https://www.debian.org/security/2022/dsa-5277](https://www.debian.org/security/2022/dsa-5277)
* [https://security.gentoo.org/glsa/202211-03](https://security.gentoo.org/glsa/202211-03)
* [https://security.netapp.com/advisory/ntap-20221209-0001/](https://security.netapp.com/advisory/ntap-20221209-0001/)
* [https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html](https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/)

Signalée 28/09/2022

CVE-2022-31628

medium In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `Host-` or `Secure-` cookie by PHP applications.

* [https://bugs.php.net/bug.php?id=81727](https://bugs.php.net/bug.php?id=81727)
* [https://www.debian.org/security/2022/dsa-5277](https://www.debian.org/security/2022/dsa-5277)
* [https://security.gentoo.org/glsa/202211-03](https://security.gentoo.org/glsa/202211-03)
* [https://security.netapp.com/advisory/ntap-20221209-0001/](https://security.netapp.com/advisory/ntap-20221209-0001/)
* [https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html](https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSJVPJTX7T3J5V7XHR4MFNHZGP44R5XE/)
* [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/)
* [http://www.openwall.com/lists/oss-security/2024/04/12/11](http://www.openwall.com/lists/oss-security/2024/04/12/11)

Signalée 28/09/2022

CVE-2022-31629

medium A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

* [https://bugzilla.redhat.com/show_bug.cgi?id=2179880](https://bugzilla.redhat.com/show_bug.cgi?id=2179880)
* [https://access.redhat.com/security/cve/CVE-2022-4900](https://access.redhat.com/security/cve/CVE-2022-4900)
* [https://security.netapp.com/advisory/ntap-20231130-0008/](https://security.netapp.com/advisory/ntap-20231130-0008/)

Signalée 02/11/2023

CVE-2022-4900

low In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

* [https://bugs.php.net/bug.php?id=79797](https://bugs.php.net/bug.php?id=79797)
* [https://security.gentoo.org/glsa/202009-10](https://security.gentoo.org/glsa/202009-10)
* [https://security.netapp.com/advisory/ntap-20200918-0005/](https://security.netapp.com/advisory/ntap-20200918-0005/)
* [https://www.debian.org/security/2021/dsa-4856](https://www.debian.org/security/2021/dsa-4856)
* [https://www.tenable.com/security/tns-2021-14](https://www.tenable.com/security/tns-2021-14)

Signalée 09/09/2020

CVE-2020-7068

46 typo3/typo3 —— 10.4 +

critical In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc)

Signalée 14/05/2020

CVE-2020-11066

high In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp)

Signalée 14/05/2020

CVE-2020-11067

high In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4)

Signalée 14/05/2020

CVE-2020-11069

high In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.

* [https://typo3.org/security/advisory/typo3-core-sa-2020-008](https://typo3.org/security/advisory/typo3-core-sa-2020-008)
* [https://typo3.org/security/advisory/typo3-core-sa-2016-013](https://typo3.org/security/advisory/typo3-core-sa-2016-013)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp)
* [https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1](https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1)

Signalée 29/07/2020

CVE-2020-15098

high In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6.

* [https://typo3.org/security/advisory/typo3-core-sa-2020-007](https://typo3.org/security/advisory/typo3-core-sa-2020-007)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c)

Signalée 29/07/2020

CVE-2020-15099

high TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52)
* [https://typo3.org/security/advisory/typo3-core-sa-2020-011](https://typo3.org/security/advisory/typo3-core-sa-2020-011)

Signalée 23/11/2020

CVE-2020-26228

high TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

* [https://packagist.org/packages/typo3/cms-core](https://packagist.org/packages/typo3/cms-core)
* [https://typo3.org/security/advisory/typo3-core-sa-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch)

Signalée 23/03/2021

CVE-2021-21339

high TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-002](https://typo3.org/security/advisory/typo3-core-sa-2021-002)
* [https://packagist.org/packages/typo3/cms-form](https://packagist.org/packages/typo3/cms-form)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2)

Signalée 23/03/2021

CVE-2021-21355

high TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-003](https://typo3.org/security/advisory/typo3-core-sa-2021-003)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f)
* [https://packagist.org/packages/typo3/cms-form](https://packagist.org/packages/typo3/cms-form)

Signalée 23/03/2021

CVE-2021-21357

high TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-005](https://typo3.org/security/advisory/typo3-core-sa-2021-005)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p)
* [https://packagist.org/packages/typo3/cms-core](https://packagist.org/packages/typo3/cms-core)

Signalée 23/03/2021

CVE-2021-21359

high TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h](https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h)

Signalée 14/12/2022

CVE-2022-23500

high TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm](https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm)

Signalée 14/12/2022

CVE-2022-23503

high TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

* [https://typo3.org/security/advisory/typo3-core-sa-2022-005](https://typo3.org/security/advisory/typo3-core-sa-2022-005)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq](https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq)
* [https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d](https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d)

Signalée 14/06/2022

CVE-2022-31050

high TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66](https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66)
* [https://typo3.org/security/advisory/typo3-core-sa-2024-006](https://typo3.org/security/advisory/typo3-core-sa-2024-006)

Signalée 13/02/2024

CVE-2024-25121

medium SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

* [http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/](http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/)
* [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446)
* [http://www.debian.org/security/2007/dsa-1439](http://www.debian.org/security/2007/dsa-1439)
* [http://www.securityfocus.com/bid/26871](http://www.securityfocus.com/bid/26871)
* [http://securitytracker.com/id?1019146](http://securitytracker.com/id?1019146)
* [http://secunia.com/advisories/27969](http://secunia.com/advisories/27969)
* [http://secunia.com/advisories/28243](http://secunia.com/advisories/28243)
* [http://osvdb.org/39506](http://osvdb.org/39506)
* [http://www.vupen.com/english/advisories/2007/4205](http://www.vupen.com/english/advisories/2007/4205)
* [https://exchange.xforce.ibmcloud.com/vulnerabilities/39017](https://exchange.xforce.ibmcloud.com/vulnerabilities/39017)

Signalée 15/12/2007

CVE-2007-6381

medium Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

* [http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/](http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/)
* [http://osvdb.org/46393](http://osvdb.org/46393)
* [http://www.securityfocus.com/bid/29832](http://www.securityfocus.com/bid/29832)
* [https://exchange.xforce.ibmcloud.com/vulnerabilities/43211](https://exchange.xforce.ibmcloud.com/vulnerabilities/43211)

Signalée 10/04/2009

CVE-2008-6699

medium In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46)

Signalée 13/05/2020

CVE-2020-11064

medium In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864)

Signalée 13/05/2020

CVE-2020-11065

medium TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf)
* [https://typo3.org/security/advisory/typo3-core-sa-2020-010](https://typo3.org/security/advisory/typo3-core-sa-2020-010)

Signalée 23/11/2020

CVE-2020-26227

medium TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

* [https://packagist.org/packages/typo3/cms-core](https://packagist.org/packages/typo3/cms-core)
* [https://typo3.org/security/advisory/typo3-core-sa-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp)

Signalée 23/03/2021

CVE-2021-21338

medium TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

* [https://typo3.org/security/advisory/typo3-core-sa-2021-007](https://typo3.org/security/advisory/typo3-core-sa-2021-007)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92)
* [https://packagist.org/packages/typo3/cms-backend](https://packagist.org/packages/typo3/cms-backend)

Signalée 23/03/2021

CVE-2021-21340

medium TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-004](https://typo3.org/security/advisory/typo3-core-sa-2021-004)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2)
* [https://packagist.org/packages/typo3/cms-form](https://packagist.org/packages/typo3/cms-form)

Signalée 23/03/2021

CVE-2021-21358

medium TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh)
* [https://packagist.org/packages/typo3/cms-backend](https://packagist.org/packages/typo3/cms-backend)

Signalée 23/03/2021

CVE-2021-21370

medium TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-009](https://typo3.org/security/advisory/typo3-core-sa-2021-009)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf)

Signalée 20/07/2021

CVE-2021-32667

medium TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379)
* [https://typo3.org/security/advisory/typo3-core-sa-2021-010](https://typo3.org/security/advisory/typo3-core-sa-2021-010)

Signalée 20/07/2021

CVE-2021-32668

medium TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw)
* [https://typo3.org/security/advisory/typo3-core-sa-2021-011](https://typo3.org/security/advisory/typo3-core-sa-2021-011)

Signalée 20/07/2021

CVE-2021-32669

medium TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability.

* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235)
* [https://typo3.org/security/advisory/typo3-core-sa-2021-012](https://typo3.org/security/advisory/typo3-core-sa-2021-012)

Signalée 20/07/2021

CVE-2021-32767

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described.

* [https://typo3.org/security/advisory/typo3-core-sa-2021-013](https://typo3.org/security/advisory/typo3-core-sa-2021-013)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v)

Signalée 10/08/2021

CVE-2021-32768

medium TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf](https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf)

Signalée 14/12/2022

CVE-2022-23501

medium TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr](https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr)

Signalée 14/12/2022

CVE-2022-23502

medium TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr](https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr)

Signalée 14/12/2022

CVE-2022-23504

medium TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.

* [https://typo3.org/security/advisory/typo3-core-sa-2022-001](https://typo3.org/security/advisory/typo3-core-sa-2022-001)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g](https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g)
* [https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9](https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9)

Signalée 14/06/2022

CVE-2022-31046

medium TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.

* [https://typo3.org/security/advisory/typo3-core-sa-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99](https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99)
* [https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a](https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a)

Signalée 14/06/2022

CVE-2022-31047

medium TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

* [https://typo3.org/security/advisory/typo3-core-sa-2022-003](https://typo3.org/security/advisory/typo3-core-sa-2022-003)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg](https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg)
* [https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0](https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0)

Signalée 14/06/2022

CVE-2022-31048

medium TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

* [https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d](https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d)
* [https://typo3.org/security/advisory/typo3-core-sa-2022-004](https://typo3.org/security/advisory/typo3-core-sa-2022-004)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm](https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm)

Signalée 14/06/2022

CVE-2022-31049

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r](https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r)
* [https://typo3.org/security/advisory/typo3-core-sa-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6](https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6)

Signalée 13/09/2022

CVE-2022-36105

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.

* [https://typo3.org/security/advisory/typo3-core-sa-2022-008](https://typo3.org/security/advisory/typo3-core-sa-2022-008)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2](https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2)
* [https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a](https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a)

Signalée 13/09/2022

CVE-2022-36106

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25](https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25)
* [https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39](https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39)
* [https://typo3.org/security/advisory/typo3-core-sa-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)

Signalée 13/09/2022

CVE-2022-36107

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85](https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85)
* [https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4](https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4)
* [https://typo3.org/security/advisory/typo3-core-sa-2022-010](https://typo3.org/security/advisory/typo3-core-sa-2022-010)

Signalée 13/09/2022

CVE-2022-36108

medium TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround does not fix all aspects of the vulnerability, and is just considered to be an intermediate mitigation to the most prominent manifestation.

* [https://typo3.org/security/advisory/typo3-psa-2023-001](https://typo3.org/security/advisory/typo3-psa-2023-001)
* [https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484](https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484)
* [https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a](https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a)
* [https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549](https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3](https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3)
* [https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix](https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix)
* [https://typo3.org/security/advisory/typo3-core-sa-2023-001](https://typo3.org/security/advisory/typo3-core-sa-2023-001)

Signalée 07/02/2023

CVE-2023-24814

medium TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.

* [https://typo3.org/security/advisory/typo3-core-sa-2023-003](https://typo3.org/security/advisory/typo3-core-sa-2023-003)
* [https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a](https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a)
* [https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r](https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r)

Signalée 25/07/2023

CVE-2023-38499

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm](https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm)
* [https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019](https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019)
* [https://typo3.org/security/advisory/typo3-core-sa-2023-006](https://typo3.org/security/advisory/typo3-core-sa-2023-006)

Signalée 14/11/2023

CVE-2023-47127

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w](https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w)
* [https://typo3.org/security/advisory/typo3-core-sa-2024-003](https://typo3.org/security/advisory/typo3-core-sa-2024-003)

Signalée 13/02/2024

CVE-2024-25118

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g](https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g)
* [https://typo3.org/security/advisory/typo3-core-sa-2024-004](https://typo3.org/security/advisory/typo3-core-sa-2024-004)

Signalée 13/02/2024

CVE-2024-25119

medium TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.

* [https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c](https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c)
* [https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references](https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references)
* [https://typo3.org/security/advisory/typo3-core-sa-2024-005](https://typo3.org/security/advisory/typo3-core-sa-2024-005)

Signalée 13/02/2024

CVE-2024-25120

low TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.

* [https://typo3.org/security/advisory/typo3-core-sa-2020-012](https://typo3.org/security/advisory/typo3-core-sa-2020-012)
* [https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2](https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2)

Signalée 23/11/2020

CVE-2020-26229

1 paquets abandonnés ont été trouvés

Paquet abandonné	Remplacement suggéré
symfony/inflector	EnglishInflector from the String component

Résumé Mise à jour possible

Votre version est Php 7.2

Votre version est Typo3 10

Typo3 10.4

high TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

high TYPO3 Install Tool vulnerable to Code Execution

medium TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

medium TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module

medium TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key

medium TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme

medium TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords

medium TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling

medium TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

medium Path Traversal in TYPO3 File Abstraction Layer Storages

low Information Disclosure due to Out-of-scope Site Resolution

medium Cross-Site Scripting in CKEditor4 WordCount Plugin

low Information Disclosure in TYPO3 Page Tree

low Denial of Service in TYPO3 Bookmark Toolbar

low CVE-2024-50345: Open redirect via browser-sanitized URLs

high CVE-2024-51736: Command execution hijack on Windows with Process class

critical exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

critical When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

critical Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

critical In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

critical An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

critical When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.

critical In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

critical The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

high An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

high An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

high An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

high An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

high An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call.

high ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

high An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

high An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

high An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

high An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

high In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

medium exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

medium The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.

medium In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

medium In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

medium In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

medium In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

medium A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

low In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

medium SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

medium Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

medium In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `Host-` or `Secure-` cookie by PHP applications.