CVE search results

71 – 80 of 656 results

Detailed view

Sort by:

CVE-2019-11047

Low priority

Fixed

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11046

Low priority

Fixed

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11045

Low priority

Fixed

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g....

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11044

Low priority

Not affected

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities,...

4 affected packages

php7.2, php7.3, php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.2	—	—	—	Not affected
php7.3	—	—	—	Not in release
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release

CVE-2010-4657

Negligible priority

Ignored

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

1 affected package

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—

CVE-2019-11043

Medium priority

Fixed

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11042

Medium priority

Fixed

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11041

Medium priority

Fixed

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2017-7189

Low priority

Vulnerable

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...

7 affected packages

php5, php7.4, php8.0, php8.1, php7.0...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Vulnerable	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Vulnerable	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Vulnerable
php7.3	Not in release	Not in release	Not in release	Not in release

CVE-2019-13224

Medium priority

Some fixes available 16 of 41

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression....

8 affected packages

libonig, groonga, libevhtp, mudlet, php5...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libonig	Fixed	Fixed	Fixed	Fixed
groonga	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libevhtp	Not affected	Not affected	Not affected	Not affected
mudlet	Not in release	Not in release	Vulnerable	Vulnerable
php5	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Not affected
php7.3	Not in release	Not in release	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports