CVE search results

121 – 124 of 124 results

Detailed view

Sort by:

CVE-2018-5712

Medium priority

Fixed

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

4 affected packages

php7.1, php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.1	—	—	—	Not in release
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected

CVE-2017-9119

Low priority

Some fixes available 3 of 8

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Fixed
php7.4	Not in release	Not in release	Fixed	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release

CVE-2017-8923

Low priority

Some fixes available 4 of 9

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...

6 affected packages

php5, php7.2, php7.4, php8.0, php8.1, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Fixed
php7.4	Not in release	Not in release	Fixed	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release

CVE-2016-9138

Low priority

Vulnerable

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted...

6 affected packages

php7.4, php7.0, php7.2, php5, php8.1, php8.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.4	Not in release	Not in release	Vulnerable	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Vulnerable
php5	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Vulnerable	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports