Vulnerability & Exploit Database

PHP Vulnerability: CVE-2019-9639 Vulnerability

  • Severity: 8
  • Published: March 08, 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

PHP Vulnerability: CVE-2019-9638 Vulnerability

  • Severity: 8
  • Published: March 08, 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

PHP Vulnerability: CVE-2019-9637 Vulnerability

  • Severity: 5
  • Published: March 08, 2019

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that the file being renamed is briefly available with the wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

Debian: CVE-2019-9641: php5, php7.0 -- security update Vulnerability

  • Severity: 8
  • Published: March 08, 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

Debian: CVE-2019-9639: php5, php7.0 -- security update Vulnerability

  • Severity: 8
  • Published: March 08, 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

Debian: CVE-2019-9638: php5, php7.0 -- security update Vulnerability

  • Severity: 8
  • Published: March 08, 2019

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

Debian: CVE-2019-9637: php5, php7.0 -- security update Vulnerability

  • Severity: 5
  • Published: March 08, 2019

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that the file being renamed is briefly available with the wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

IBM WebSphere Application Server: CVE-2019-4030: IBM Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030) Vulnerability

  • Severity: 4
  • Published: March 06, 2019

IBM WebSphere Application Server 8.5 and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155946.

OpenSSL ChaCha20-Poly1305 with long nonces (CVE-2019-1543) Vulnerability

  • Severity: 6
  • Published: March 06, 2019

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of...