High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-30	CVE-2021-32610	Link Following vulnerability in multiple products In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. local low complexity php debian fedoraproject CWE-59	7.1
2021-01-18	CVE-2020-36193	Link Following vulnerability in multiple products Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. network low complexity php fedoraproject debian drupal CWE-59	7.5
2020-11-19	CVE-2020-28949	Injection vulnerability in multiple products Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. local low complexity php debian fedoraproject drupal CWE-74	7.8
2020-11-19	CVE-2020-28948	Deserialization of Untrusted Data vulnerability in multiple products Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. local low complexity php debian fedoraproject drupal CWE-502	7.8
2020-02-12	CVE-2011-3336	Resource Exhaustion vulnerability in multiple products regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. network low complexity php apple freebsd openbsd CWE-400	7.8
2019-12-23	CVE-2019-11044	In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. network low complexity php tenable fedoraproject	7.5
2019-11-26	CVE-2011-1939	SQL Injection vulnerability in multiple products SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. network low complexity zend php debian CWE-89	7.5
2019-11-25	CVE-2019-19246	Out-of-bounds Read vulnerability in multiple products Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. network low complexity oniguruma-project php fedoraproject canonical debian CWE-125	7.5
2019-09-06	CVE-2016-7398	Incorrect Type Conversion or Cast vulnerability in PHP Ext-Http A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. network low complexity php CWE-704	7.5
2019-08-09	CVE-2019-11042	Out-of-bounds Read vulnerability in multiple products When PHP EXIF extension is parsing EXIF information from an image, e.g. network low complexity php debian canonical apple opensuse redhat tenable CWE-125	7.1