Search CVE reports

41 – 50 of 53 results

Detailed view

Sort by:

CVE-2020-7066

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Fixed
php7.2	—	—	Not in release	Fixed	Not in release
php7.3	—	—	Not in release	Not in release	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

CVE-2020-7065

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Not affected
php7.2	—	—	Not in release	Not affected	Not in release
php7.3	—	—	Not in release	Not in release	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

CVE-2020-7064

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Fixed
php7.2	—	—	Not in release	Fixed	Not in release
php7.3	—	—	Not in release	Not in release	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

CVE-2020-7063

Low priority

Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release
php7.4	—	—	—	Not in release	Not in release

CVE-2020-7062

Low priority

Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release
php7.4	—	—	—	Not in release	Not in release

CVE-2020-7061

Low priority

Not affected

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release
php7.3	—	—	—	Not in release	Not in release
php7.4	—	—	—	Not in release	Not in release

CVE-2017-6363

Low priority

Some fixes available 4 of 6

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...

6 affected packages

libgd2, php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	Not affected	Not affected	Fixed	Fixed	Fixed
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Not affected
php7.2	Not in release	Not in release	Not in release	Not affected	Not in release
php7.3	Not in release	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Not affected	Not in release	Not in release

CVE-2017-7189

Low priority

Vulnerable

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...

7 affected packages

php5, php7.0, php7.2, php7.3, php7.4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Vulnerable
php7.2	Not in release	Not in release	Not in release	Vulnerable	Not in release
php7.3	Not in release	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Vulnerable	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Vulnerable	Not in release	Not in release	Not in release

CVE-2017-9120

Medium priority

Some fixes available 4 of 7

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

CVE-2017-9118

Medium priority

Some fixes available 7 of 10

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Fixed	Not in release	Not in release	Not in release

Export to JSON

Results by page: