Nikita

#14079of 53,634
19.1Total CVSS
Vulnerabilities · 3
Medium
3
PT-2019-4729
6.5
2019-12-21
Php · Php · CVE-2019-11047
**Name of the Vulnerable Software and Affected Versions** PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 **Description** The issue is caused by a buffer overflow in the exif read data function of the PHP interpreter. This can allow a remote attacker to disclose protected information or cause a denial of service. The vulnerability is triggered when the PHP EXIF extension parses EXIF information from an image, such as through the `exif read data()` function. **Recommendations** For PHP version 7.2.x, update to version 7.2.26 or later. For PHP version 7.3.x, update to version 7.3.13 or later. For PHP version 7.4.0, update to a later version that includes the fix for this issue. As a temporary workaround, consider disabling the `exif read data()` function until a patch is available.
PT-2019-4739
6.5
2019-12-21
Php · Php · CVE-2019-11050
**Name of the Vulnerable Software and Affected Versions** PHP versions 7.2.x through 7.2.25 PHP versions 7.3.x through 7.3.12 PHP version 7.4.0 **Description** The issue is related to the PHP EXIF extension when parsing EXIF information from an image, for example, via the `exif read data()` function. It is possible to supply it with data that will cause it to read past the allocated buffer, potentially leading to information disclosure or a crash. The vulnerability is also described as a use-after-free issue in the `exif read data` function, which may allow a remote attacker to disclose protected information or cause a denial of service. **Recommendations** For PHP versions 7.2.x through 7.2.25, update to version 7.2.26 or later. For PHP versions 7.3.x through 7.3.12, update to version 7.3.13 or later. For PHP version 7.4.0, update to a later version, as 7.4.0 is affected.
PT-2017-14105
6.1
2017-10-18
Redmine · Redmine · CVE-2017-15573
**Name of the Vulnerable Software and Affected Versions** Redmine versions prior to 3.2.6 Redmine versions 3.3.x prior to 3.3.3 **Description** The issue exists due to mishandled markup in wiki content, leading to XSS. **Recommendations** For versions prior to 3.2.6, update to version 3.2.6 or later. For versions 3.3.x prior to 3.3.3, update to version 3.3.3 or later.