Published: 23/12/2019 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

It exists that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. (CVE-2019-11045)

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 7.4.0
php php
debian debian linux 8.0
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
fedoraproject fedora 30
canonical ubuntu linux 14.04
fedoraproject fedora 31
canonical ubuntu linux 12.04
debian debian linux 9.0
debian debian linux 10.0
opensuse leap 15.1
tenable securitycenter

Several security issues were fixed in PHP ...

Synopsis Moderate: rh-php73-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php73-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

Synopsis Moderate: php:73 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the php:73 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names For the stable distribution (buster), these problems have been fixed in version 7314-1~deb10u1 We recommend that you upgrade your php73 pa ...

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names For the oldstable distribution (stretch), these problems have been fixed in version 7033-0+deb9u7 We recommend that you upgrade your php70 ...

In PHP versions 72x below 7226, 73x below 7313 and 740, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte This could lead to security vulnerabilities, eg in applications checking paths that the code is allowed to access (CVE-2019-11045) In PHP versions 73x below 7313 an ...

Tenablesc leverages third-party software to help provide underlying functionality Multiple third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of the ...

CWE-125 https://bugs.php.net/bug.php?id=78793 https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html https://security.netapp.com/advisory/ntap-20200103-0002/https://usn.ubuntu.com/4239-1/http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html https://seclists.org/bugtraq/2020/Feb/27 https://www.debian.org/security/2020/dsa-4626 https://seclists.org/bugtraq/2020/Feb/31 https://www.debian.org/security/2020/dsa-4628 https://seclists.org/bugtraq/2021/Jan/3 https://www.tenable.com/security/tns-2021-14 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N7GCOAE6KVHYJ3UQ4KLPLTGSLX6IRVRN/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/https://usn.ubuntu.com/4239-1/https://nvd.nist.gov

CVE-2019-11050

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect