From d4a95f6b5e55a31646d14c99054b211cd83dccbd Mon Sep 17 00:00:00 2001 From: Daniel Date: Thu, 29 Aug 2019 12:36:30 -0400 Subject: [PATCH] Update checks using the newer version of the 'missing' command - many new CVEs found --- src/Psecio/Versionscan/checks.json | 300 ++++++++++++++++++++--------- 1 file changed, 204 insertions(+), 96 deletions(-) diff --git a/src/Psecio/Versionscan/checks.json b/src/Psecio/Versionscan/checks.json index 80ff7a6..48c38af 100644 --- a/src/Psecio/Versionscan/checks.json +++ b/src/Psecio/Versionscan/checks.json @@ -4446,7 +4446,6 @@ ] } }, - { "threat": "5.0", "cveid": "CVE-2013-7345", @@ -4458,6 +4457,16 @@ ] } }, + { + "threat": "6.8", + "cveid": "CVE-2013-7456", + "summary": "gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function.", + "fixVersions": { + "base": [ + "7.0.7" + ] + } + }, { "threat": "7.2", "cveid": "CVE-2014-0185", @@ -5043,6 +5052,18 @@ ] } }, + { + "threat": "4.3", + "cveid": "CVE-2015-3152", + "summary": "Oracle MySQL before 5.7.3, Oracle MySQL Connector\/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.", + "fixVersions": { + "base": [ + "5.6.11", + "5.5.27", + "5.4.43" + ] + } + }, { "threat": "7.5", "cveid": "CVE-2015-3307", 
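Review bot: The added CVE-2013-7456 entry lists only `"7.0.7"` under `fixVersions.base`, although its own summary names 5.5.36 and 5.6.22 as fixed releases too. How the scanner treats a branch with no entry is not visible in this diff, but either outcome is wrong for 5.5.x and 5.6.x installs: a patched host may be flagged, or an unpatched one missed. I would write `"base": ["5.5.36", "5.6.22", "7.0.7"]`. The same gap appears in the added entries for CVE-2015-3411 (5.4.40 and 5.5.24 missing), CVE-2016-5766 (5.5.37 and 5.6.23), CVE-2016-9933 (5.6.28), and in the 5.6.39/5.6.40 branch of the CVE-2018-20783 and CVE-2019-6977/9020/9021/9023/9024 entries further down.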
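Review bot: In the added CVE-2015-3152 summary the quotes around BACKRONYM appear unescaped (`aka a "BACKRONYM" attack.`), which ends the string early and makes the whole file invalid for a strict JSON parser. This may be an artefact of how the page was rendered, so check the raw file; the CVE-2018-19518 entry in this same patch escapes its quotes as `\"-oProxyCommand\"`. If the file does contain bare quotes, the line should end `aka a \"BACKRONYM\" attack.`. A parse check of checks.json in CI would catch this kind of regression before a broken check database ships.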
@@ -5079,6 +5100,16 @@ ] } }, + { + "threat": "6.4", + "cveid": "CVE-2015-3411", + "summary": "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.", + "fixVersions": { + "base": [ + "5.6.8" + ] + } + }, { "threat": "7.5", "cveid": "CVE-2015-3414", @@ -5492,6 +5523,16 @@ ] } }, + { + "threat": "7.5", + "cveid": "CVE-2015-8383", + "summary": "PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", + "fixVersions": { + "base": [ + "7.0.3" + ] + } + }, { "threat": "7.5", "cveid": "CVE-2015-8616", @@ -6053,6 +6094,16 @@ ] } }, + { + "threat": "6.8", + "cveid": "CVE-2016-5766", + "summary": "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.", + "fixVersions": { + "base": [ + "7.0.8" + ] + } + }, { "threat": "7.5", "cveid": "CVE-2016-5768", 
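Review bot: The `fixVersions` value `"7.0.3"` on the added CVE-2015-8383 entry cannot be checked against the record, because the summary only describes PCRE before 8.38 and never mentions a PHP release. A single 7.0.x value also leaves the 5.x branches without an entry, and whether they bundled an affected PCRE is not stated here. I would extend the summary with the PHP releases that picked up the fixed library, e.g. `... (fixed in PHP <versions from the PHP changelog>)`, so the mapping can be audited. CVE-2019-13224 in the last hunk has the same shape: an Oniguruma summary with a lone `"7.3.9"`.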
@@ -6495,6 +6546,16 @@ ] } }, + { + "threat": "5.0", + "cveid": "CVE-2016-9933", + "summary": "Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.", + "fixVersions": { + "base": [ + "7.0.13" + ] + } + }, { "threat": "5.0", "cveid": "CVE-2016-9934", @@ -6584,6 +6645,18 @@ ] } }, + { + "threat": "9.8", + "cveid": "CVE-2016-10166", + "summary": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.", + "fixVersions": { + "base": [ + "7.3.1", + "7.2.14", + "7.1.26" + ] + } + }, { "threat": "5.0", "cveid": "CVE-2016-10397", @@ -6945,7 +7018,7 @@ { "threat": "4.3", "cveid": "CVE-2018-10547", - "summary": "An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.", + "summary": "An issue was discovered in ext\/phar\/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.", "fixVersions": { "base": [ "5.6.36", 
@@ -7124,6 +7197,19 @@ ] } }, + { + "threat": "7.5", + "cveid": "CVE-2018-19518", + "summary": "University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client\/imap4r1.c and the tcp_aopen function in osdep\/unix\/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.", + "fixVersions": { + "base": [ + "7.0.33", + "7.3.0", + "7.2.13", + "7.1.25" + ] + } + }, { "threat": "5.0", "cveid": "CVE-2018-19935", 
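Review bot: The `base` array in the CVE-2018-19518 entry is ordered `"7.0.33", "7.3.0", "7.2.13", "7.1.25"`, which is neither ascending nor descending, and other entries in this patch use yet other orders (`"7.1.27", "7.2.16", "7.3.3"` and `"7.1.28", "7.3.4", "7.2.17"`). Nothing in the diff shows the consumer depending on order, but a fixed order makes a missing branch easy to spot in review and keeps regenerated diffs small. I would have the generator emit the list sorted, `"base": ["7.0.33", "7.1.25", "7.2.13", "7.3.0"]`.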
@@ -7144,81 +7230,104 @@ } }, { - "threat": "9.1", - "cveid": "CVE-2019-11034", - "summary": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.", + "threat": "7.5", + "cveid": "CVE-2018-20783", + "summary": "In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext\/phar\/phar.c.", "fixVersions": { "base": [ - "7.1.28", - "7.3.4", - "7.2.17" + "7.0.33", + "7.3.0", + "7.2.13", + "7.1.25" ] } }, { - "threat": "9.1", - "cveid": "CVE-2019-11035", - "summary": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.", + "threat": "8.8", + "cveid": "CVE-2019-6977", + "summary": "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.", "fixVersions": { "base": [ - "7.1.28", - "7.3.4", - "7.2.17" + "7.3.1", + "7.2.14", + "7.1.26" ] } }, { - "threat": "7.5", - "cveid": "CVE-2019-9637", - "summary": "An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. 
Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.", + "threat": "9.8", + "cveid": "CVE-2019-9020", + "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext\/xmlrpc\/libxmlrpc\/xml_element.c.", "fixVersions": { "base": [ - "7.1.27", - "7.2.16", - "7.3.3" + "7.3.1", + "7.2.14", + "7.1.26" ] } }, { "threat": "9.8", - "cveid": "CVE-2019-9641", - "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.", + "cveid": "CVE-2019-9021", + "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext\/phar\/phar.c.", "fixVersions": { "base": [ - "7.1.27", - "7.2.16", - "7.3.3" + "7.3.1", + "7.2.14", + "7.1.26" ] } }, { "threat": "7.5", - "cveid": "CVE-2019-9640", - "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.", + "cveid": "CVE-2019-9022", + "summary": "An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. 
dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext\/standard\/dns.c for DNS_CAA and DNS_ANY queries.", "fixVersions": { "base": [ - "7.1.27", - "7.2.16", - "7.3.3" + "7.3.2", + "7.2.14", + "7.1.26" + ] + } + }, + { + "threat": "9.8", + "cveid": "CVE-2019-9023", + "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext\/mbstring\/oniguruma\/regcomp.c, ext\/mbstring\/oniguruma\/regexec.c, ext\/mbstring\/oniguruma\/regparse.c, ext\/mbstring\/oniguruma\/enc\/unicode.c, and ext\/mbstring\/oniguruma\/src\/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.", + "fixVersions": { + "base": [ + "7.3.1", + "7.2.14", + "7.1.26" ] } }, { "threat": "7.5", - "cveid": "CVE-2019-9638", - "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.", + "cveid": "CVE-2019-9024", + "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext\/xmlrpc\/libxmlrpc\/base64.c.", "fixVersions": { "base": [ - "7.1.27", - "7.2.16", - "7.3.3" + "7.3.1", + "7.2.14", + "7.1.26" + ] + } + }, + { + "threat": "9.8", + "cveid": "CVE-2019-9025", + "summary": "An issue was discovered in PHP 7.3.x before 7.3.1. 
An invalid multibyte string supplied as an argument to the mb_split() function in ext\/mbstring\/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.", + "fixVersions": { + "base": [ + "7.3.1" ] } }, { "threat": "7.5", - "cveid": "CVE-2019-9639", - "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.", + "cveid": "CVE-2019-9637", + "summary": "An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.", "fixVersions": { "base": [ "7.1.27", 
@@ -7229,123 +7338,122 @@ }, { "threat": "7.5", - "cveid": "CVE-2019-9022", - "summary": "An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.", + "cveid": "CVE-2019-9638", + "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.", "fixVersions": { "base": [ - "7.3.2", - "7.2.14", - "7.1.26" + "7.1.27", + "7.2.16", + "7.3.3" ] } }, { - "threat": "9.8", - "cveid": "CVE-2016-10166", - "summary": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.", + "threat": "7.5", + "cveid": "CVE-2019-9639", + "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.", "fixVersions": { "base": [ - "7.3.1", - "7.2.14", - "7.1.26" + "7.1.27", + "7.2.16", + "7.3.3" ] } }, { - "threat": "8.8", - "cveid": "CVE-2019-6977", - "summary": "gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. 
This can be exploited by an attacker who is able to trigger imagecolormatch calls with crafted image data.", + "threat": "7.5", + "cveid": "CVE-2019-9640", + "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.", "fixVersions": { "base": [ - "7.3.1", - "7.2.14", - "7.1.26" + "7.1.27", + "7.2.16", + "7.3.3" ] } }, { "threat": "9.8", - "cveid": "CVE-2019-9025", - "summary": "An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.", + "cveid": "CVE-2019-9641", + "summary": "An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.", "fixVersions": { "base": [ - "7.3.1" + "7.1.27", + "7.2.16", + "7.3.3" ] } }, { - "threat": "9.8", - "cveid": "CVE-2019-9023", - "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.", + "threat": "9.1", + "cveid": "CVE-2019-11034", + "summary": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. 
This may lead to information disclosure or crash.", "fixVersions": { "base": [ - "7.3.1", - "7.2.14", - "7.1.26" + "7.1.28", + "7.3.4", + "7.2.17" ] } }, { - "threat": "9.8", - "cveid": "CVE-2019-9021", - "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.", + "threat": "9.1", + "cveid": "CVE-2019-11035", + "summary": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.", "fixVersions": { "base": [ - "7.3.1", - "7.2.14", - "7.1.26" + "7.1.28", + "7.3.4", + "7.2.17" ] } }, { - "threat": "9.8", - "cveid": "CVE-2019-9020", - "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.", + "threat": "6.4", + "cveid": "CVE-2019-11036", + "summary": "When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. 
This may lead to information disclosure or crash.", "fixVersions": { "base": [ - "7.3.1", - "7.2.14", - "7.1.26" + "7.3.5", + "7.2.18", + "7.1.29" ] } }, { - "threat": "7.5", - "cveid": "CVE-2019-9024", - "summary": "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.", + "threat": "6.4", + "cveid": "CVE-2019-11040", + "summary": "When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.", "fixVersions": { "base": [ - "7.3.1", - "7.2.14", - "7.1.26" + "7.3.6", + "7.2.19", + "7.1.30" ] } }, { - "threat": "7.5", - "cveid": "CVE-2018-19518", - "summary": "University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a \"-oProxyCommand\" argument.", + "threat": "6.8", + "cveid": "CVE-2019-11042", + "summary": "When PHP EXIF extension is parsing EXIF information from an image, e.g. 
via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.", "fixVersions": { "base": [ - "7.0.33", - "7.3.0", - "7.2.13", - "7.1.25" + "7.3.8", + "7.2.21", + "7.1.31" ] } }, { "threat": "7.5", - "cveid": "CVE-2018-20783", - "summary": "In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c.", + "cveid": "CVE-2019-13224", + "summary": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.", "fixVersions": { "base": [ - "7.0.33", - "7.3.0", - "7.2.13", - "7.1.25" + "7.3.9" ] } } - ] -} + ], + "updatedAt": "2019-08-29T16:21:39+00:00" +} \ No newline at end of file
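Review bot: The added CVE-2019-11036 entry carries `"threat": "6.4"` while CVE-2019-11034, whose summary describes the same over-read in exif_process_IFD_TAG, carries `"9.1"`; CVE-2019-11040 (`"6.4"`) and CVE-2019-11042 (`"6.8"`) follow the lower pattern. It looks as if scores from two different scoring scales are mixed, which should be confirmed against the generator. Anyone filtering or sorting scan results by `threat` would rank the newer EXIF issues below older ones of the same class. I would pick one scale for the whole file and regenerate these values rather than hand-edit them. The file also now ends without a trailing newline (`\ No newline at end of file`); ending it with one keeps later diffs clean.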