Updated php and pcre2 packages fix security vulnerabilities: - FPM (#78599) env_path_info underflow in fpm_main.c can lead to RCE. (CVE-2019-11043) - MBString (#78633) Heap buffer overflow (read) in mb_eregi. - Mysqlnd (#78525) Memory leak in pdo when reusing native prepared statements. - PCRE (#78272) calling preg_match() before pcntl_fork() will freeze child process. - Base (#78612) strtr leaks memory when integer keys are used and the subject string shorter.

OSVersionArchitecturePackageVersionFilename
Mageia7noarchphp< 7.3.11-1php-7.3.11-1.mga7
Mageia7noarchpcre2< 10.33-1.1pcre2-10.33-1.1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	php	< 7.3.11-1	php-7.3.11-1.mga7
Mageia	7	noarch	pcre2	< 10.33-1.1	pcre2-10.33-1.1.mga7

References

bugs.mageia.org/show_bug.cgi?id=25603

bugs.php.net/bug.php?id=78272

www.php.net/ChangeLog-7.php#7.3.11

githubexploit 18

threatpost 5

openvas 29

f5 1

redhat 9

oraclelinux 5

nessus 60

packetstorm 1

exploitpack 1

redhatcve 1

ubuntucve 1

thn 2

rocky 2

altlinux 3

alpinelinux 1

osv 10

debian 3

prion 1

archlinux 1

almalinux 2

metasploit 1

checkpoint_advisories 1

gentoo 1

ibm 1

exploitdb 2

nvd 1

centos 2

zdt 2

symantec 1

veracode 1

impervablog 2

suse 2

hackerone 2

amazon 2

fedora 3

attackerkb 1

debiancve 1

qualysblog 1

cisa_kev 1

cvelist 1

ubuntu 2

freebsd 1

cve 1

apple 2

githubexploit

Exploit for Out-of-bounds Write in Php

2019-11-11 11:29:54

Exploit for Out-of-bounds Write in Php

2019-10-28 15:31:34

Exploit for Out-of-bounds Write in Php

2019-10-24 09:09:01

threatpost

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

2018-11-07 15:33:51

GoDaddy Shutters 15,000 Subdomains Tied to 'Snake Oil' Scams

2019-04-26 17:47:01

PHP Bug Allows Remote Code-Execution on NGINX Servers

2019-10-28 16:18:11

openvas

PHP 'CVE-2019-11043' FPM Remote Code Execution Vulnerability (Version Check)

2019-10-25 00:00:00

Fedora Update for php FEDORA-2019-4adc49a476

2020-01-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2019:2819-1)

2021-06-09 00:00:00

K75408500 : PHP FPM vulnerability CVE-2019-11043

2019-10-30 00:00:00

redhat

(RHSA-2019:3287) Critical: php security update

2019-10-31 16:35:54

(RHSA-2020:0322) Critical: php:7.2 security update

2020-02-03 21:13:36

(RHSA-2019:3300) Critical: rh-php71-php security update

2019-11-01 12:22:29

oraclelinux

php security update

2019-10-31 00:00:00

php security update

2019-10-31 00:00:00

php:7.2 security update

2019-11-23 00:00:00

nessus

CentOS 6 : php (CESA-2019:3287)

2019-11-04 00:00:00

Oracle Linux 6 : php (ELSA-2019-3287)

2019-11-04 00:00:00

SUSE SLES12 Security Update : php72 (SUSE-SU-2019:2909-1)

2019-11-07 00:00:00

packetstorm

PHP-FPM 7.x Remote Code Execution

2020-03-05 00:00:00

exploitpack

PHP-FPM + Nginx - Remote Code Execution

2019-10-28 00:00:00

redhatcve

CVE-2019-11043

2019-10-29 16:34:45

ubuntucve

CVE-2019-11043

2019-10-24 00:00:00

thn

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks

2022-06-23 06:36:00

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

2019-10-26 19:03:00

rocky

php:7.3 security update

2019-11-06 13:15:46

php:7.2 security update

2019-11-06 13:15:34

altlinux

Security fix for the ALT Linux 9 package php7 version 7.3.11-alt1

2019-12-04 00:00:00

Security fix for the ALT Linux 10 package php8.0 version 7.3.11-alt1

2019-11-19 00:00:00

Security fix for the ALT Linux 10 package php8.1 version 7.3.11-alt1

2019-11-19 00:00:00

alpinelinux

CVE-2019-11043

2019-10-28 15:15:13

osv

Critical: php:7.3 security update

2019-11-06 13:15:46

CVE-2019-11043

2019-10-28 15:15:13

php7.0 - security update

2019-10-28 00:00:00

debian

[SECURITY] [DSA 4552-1] php7.0 security update

2019-10-28 21:35:53

[SECURITY] [DLA 1970-1] php5 security update

2019-10-26 15:16:10

[SECURITY] [DSA 4553-1] php7.3 security update

2019-10-28 21:36:30

prion

Remote code execution

2019-10-28 15:15:00

archlinux

[ASA-201910-14] php: arbitrary code execution

2019-10-25 00:00:00

almalinux

Critical: php:7.2 security update

2019-11-06 13:15:34

Critical: php:7.3 security update

2019-11-06 13:15:46

metasploit

PHP-FPM Underflow RCE

2020-01-20 19:07:34

checkpoint_advisories

PHP FastCGI Process Manager Remote Code Execution (CVE-2019-11043)

2019-10-27 00:00:00

gentoo

PHP: Arbitrary code execution

2019-10-25 00:00:00

ibm

Security Bulletin: API Connect is impacted by a vulnerability in PHP (CVE-2019-11043)

2020-01-24 20:33:22

exploitdb

PHP-FPM + Nginx - Remote Code Execution

2019-10-28 00:00:00

PHP-FPM - Underflow Remote Code Execution (Metasploit)

2020-03-09 00:00:00

nvd

CVE-2019-11043

2019-10-28 15:15:13

centos

php security update

2019-11-01 22:23:48

php security update

2019-11-01 22:31:56

zdt

PHP-FPM 7.x Remote Code Execution Exploit

2020-03-06 00:00:00

PHP-FPM + Nginx - Remote Code Execution Exploit

2019-10-29 00:00:00

symantec

PHP CVE-2019-11043 Remote Code Execution Vulnerability

2019-10-24 00:00:00

veracode

Remote Code Execution (RCE)

2020-05-10 23:28:09

impervablog

Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events

2019-10-30 11:03:17

The State of Vulnerabilities in 2019

2020-01-23 08:56:58

suse

Security update for php7 (important)

2019-11-05 00:00:00

Security update for php7 (important)

2019-11-09 00:00:00

hackerone

Internet Bug Bounty: CVE-2019-11043: a buffer underflow in fpm_main.c can lead to RCE in php-fpm

2019-10-24 18:27:39

Nextcloud: Docker image with FPM is vulnerable to CVE-2019-11043

2019-10-22 16:44:12

amazon

Critical: php

2019-10-31 20:28:00

Critical: php71, php72, php73, php56

2019-10-31 20:13:00

fedora

[SECURITY] Fedora 31 Update: php-7.3.11-1.fc31

2019-10-31 00:59:18

[SECURITY] Fedora 30 Update: php-7.3.11-1.fc30

2019-11-03 00:13:06

[SECURITY] Fedora 29 Update: php-7.2.24-1.fc29

2019-11-02 01:44:52

attackerkb

CVE-2019-11043

2019-10-28 00:00:00

debiancve

CVE-2019-11043

2019-10-28 15:15:13

qualysblog

PHP Remote Code Execution Vulnerability (CVE-2019-11043)

2019-10-30 19:40:38

cisa_kev

PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability

2022-03-25 00:00:00

cvelist

CVE-2019-11043 Underflow in PHP-FPM can lead to RCE

2019-10-28 14:19:04

ubuntu

PHP vulnerability

2019-10-28 00:00:00

PHP vulnerability

2019-10-29 00:00:00

freebsd

php -- env_path_info underflow in fpm_main.c can lead to RCE

2019-10-24 00:00:00

cve

CVE-2019-11043

2019-10-28 15:15:13

apple

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

2020-01-28 00:00:00

About the security content of macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra - Apple Support

2020-09-08 03:54:07

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.972

Percentile

99.9%

JSON

Related for MGASA-2019-0307