CVE-2019-11043

KEV
Published: Ott 28, 2019 Last Modified: Nov 03, 2025
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,7
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: none
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,9411
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
787

Out-of-bounds Write

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
Exploit

PHP-FPM + Nginx - Remote Code Execution

PHP-FPM + Nginx - Remote Code Execution

Author: Emil Lerner Published:
View Exploit Code →
Exploit

PHP-FPM - Underflow Remote Code Execution (Metasploit)

Verified Metasploit Framework (MSF)

PHP-FPM - Underflow Remote Code Execution (Metasploit)

Author: Metasploit Published: Status: Verified
View Exploit Code →
Operating System

Enterprise Linux For Ibm Z Systems Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems Eus
Version 8.1_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems Eus
Version 8.4_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems Eus
Version 8.2_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus
Version 8.4
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Arm 64 Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Arm 64 Eus
Version 8.8_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems
Version 7.0_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems Eus
Version 8.8_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian
Version 8.0_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Arm 64 Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Arm 64 Eus
Version 8.1_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems
Version 8.0_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Desktop by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Desktop
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Arm 64 Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Arm 64 Eus
Version 8.6_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Scientific Computing by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Scientific Computing
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian Eus
Version 7.7_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Tenable.Sc by Tenable

Product Information
Vendor Tenable
Product Tenable.Sc
Version Range Affected
To 5.19.0 (exclusive)
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Arm 64 by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Arm 64
Version 8.0_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus
Version 8.8
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 8.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus
Version 8.6
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Big Endian by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Big Endian
Version 6.0_ppc64
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus Compute Node by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus Compute Node
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian
Version 7.0_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Big Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Big Endian Eus
Version 7.7_ppc64
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 31
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Workstation by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Workstation
Version 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus
Version 8.2
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus
Version 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Php by Php

Product Information
Vendor Php
Product Php
Version Range Affected
From 7.3.0 (inclusive)
To 7.3.11 (exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Big Endian by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Big Endian
Version 7.0_ppc64
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Eus
Version 8.1
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian Eus
Version 8.2_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server
Version 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Software Collections by Redhat

Product Information
Vendor Redhat
Product Software Collections
Version 1.0
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 8.4
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Arm 64 Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Arm 64 Eus
Version 8.4_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 8.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems Eus
Version 8.6_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian Eus
Version 8.4_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems
Version 6.0_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Php by Php

Product Information
Vendor Php
Product Php
Version Range Affected
From 7.1.0 (inclusive)
To 7.1.33 (exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Php by Php

Product Information
Vendor Php
Product Php
Version Range Affected
From 7.2.0 (inclusive)
To 7.2.24 (exclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian Eus
Version 8.6_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Aus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Aus
Version 8.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Workstation by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Workstation
Version 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Arm 64 Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Arm 64 Eus
Version 8.2_aarch64
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Desktop by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Desktop
Version 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux Server Tus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux Server Tus
Version 8.8
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux
Version 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian Eus
Version 8.1_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Power Little Endian Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Power Little Endian Eus
Version 8.8_ppc64le
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Enterprise Linux For Ibm Z Systems Eus by Redhat

Product Information
Vendor Redhat
Product Enterprise Linux For Ibm Z Systems Eus
Version 7.7_s390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019…
http://lists.opensuse.org/opensuse-security-announce/2019-1…
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-1…
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Rem…
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.h…
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2020:0322
https://access.redhat.com/errata/RHSA-2020:0322
https://bugs.php.net/bug.php?id=78599
https://bugs.php.net/bug.php?id=78599
http://seclists.org/fulldisclosure/2020/Jan/40
http://seclists.org/fulldisclosure/2020/Jan/40
https://github.com/neex/phuip-fpizdam
https://github.com/neex/phuip-fpizdam
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://seclists.org/bugtraq/2020/Jan/44
https://seclists.org/bugtraq/2020/Jan/44
https://security.netapp.com/advisory/ntap-20191031-0003/
https://security.netapp.com/advisory/ntap-20191031-0003/
https://support.apple.com/kb/HT210919
https://support.apple.com/kb/HT210919
https://support.f5.com/csp/article/K75408500?utm_source=f5s…
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_med…
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-2/
https://usn.ubuntu.com/4166-2/
https://www.debian.org/security/2019/dsa-4552
https://www.debian.org/security/2019/dsa-4552
https://www.debian.org/security/2019/dsa-4553
https://www.debian.org/security/2019/dsa-4553
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.tenable.com/security/tns-2021-14
https://www.tenable.com/security/tns-2021-14
http://lists.opensuse.org/opensuse-security-announce/2019-1…
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-1…
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Rem…
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.h…
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2020:0322
https://access.redhat.com/errata/RHSA-2020:0322
https://bugs.php.net/bug.php?id=78599
https://bugs.php.net/bug.php?id=78599
http://seclists.org/fulldisclosure/2020/Jan/40
http://seclists.org/fulldisclosure/2020/Jan/40
https://github.com/neex/phuip-fpizdam
https://github.com/neex/phuip-fpizdam
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://seclists.org/bugtraq/2020/Jan/44
https://seclists.org/bugtraq/2020/Jan/44
https://security.netapp.com/advisory/ntap-20191031-0003/
https://security.netapp.com/advisory/ntap-20191031-0003/
https://support.apple.com/kb/HT210919
https://support.apple.com/kb/HT210919
https://support.f5.com/csp/article/K75408500?utm_source=f5s…
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_med…
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-1/
https://usn.ubuntu.com/4166-2/
https://usn.ubuntu.com/4166-2/
https://www.debian.org/security/2019/dsa-4552
https://www.debian.org/security/2019/dsa-4552
https://www.debian.org/security/2019/dsa-4553
https://www.debian.org/security/2019/dsa-4553
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.tenable.com/security/tns-2021-14
https://www.tenable.com/security/tns-2021-14