Published: 22/02/2019 Updated: 18/06/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an malicious user to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.

Several security issues were fixed in PHP ...

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: Multiple out-of-bounds memory accesses were found in the xmlrpc, mbstring and phar extensions and the dns_get_record() function For the stable distribution (stretch), these problems have been fixed in version 7033-0+deb9u2 We recommend that ...

Synopsis Moderate: php:72 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the php:72 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...

Synopsis Critical: rh-php72-php security update Type/Severity Security Advisory: Critical Topic An update for rh-php72-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) ba ...

Synopsis Moderate: rh-php71-php security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-php71-php is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerabilit ...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4398-1 security () debian org wwwdebianorg/security/ Moritz Muehlenhoff February 28, 2019 wwwdebianorg/security/faq ...

pigat ( Passive Intelligence Gathering Aggregation Tool ) 被动信息收集聚合工具

Pigat：一款被动信息收集聚合工具前言 Pigat（Passive Intelligence Gathering Aggregation Tool）被动信息收集聚合工具，该工具通过爬取目标URL在第三方网站比如备案查询网站、子域名查询网站的结果来对目标进行被动信息收集。开发此工具的初衷就是平时在使用一些第三方的网站进行目标信息收�

CWE-125 http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html http://www.securityfocus.com/bid/106747 http://www.securityfocus.com/bid/107156 https://access.redhat.com/errata/RHSA-2019:2519 https://access.redhat.com/errata/RHSA-2019:3299 https://bugs.php.net/bug.php?id=77247 https://security.netapp.com/advisory/ntap-20190321-0001/https://usn.ubuntu.com/3902-1/https://usn.ubuntu.com/3902-2/https://www.debian.org/security/2019/dsa-4398 https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-9021 https://nvd.nist.gov https://usn.ubuntu.com/3902-2/https://www.rapid7.com/db/vulnerabilities/php-cve-2019-9020

CVE-2019-9021

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References