CVE search results

51 – 60 of 113 results

Detailed view

Sort by:

CVE-2020-7064

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	Not in release	Not in release
php7.0	—	—	Not in release	Not in release
php7.2	—	—	Not in release	Fixed
php7.3	—	—	Not in release	Not in release
php7.4	—	—	Fixed	Not in release

CVE-2020-7063

Low priority

Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release
php7.4	—	—	—	Not in release

CVE-2020-7062

Low priority

Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release
php7.4	—	—	—	Not in release

CVE-2020-7061

Low priority

Not affected

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected
php7.3	—	—	—	Not in release
php7.4	—	—	—	Not in release

CVE-2017-6363

Low priority

Some fixes available 4 of 6

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says “In my opinion this issue should not have a CVE, since the GD and GD2...

6 affected packages

libgd2, php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	Not affected	Not affected	Fixed	Fixed
php5	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Not affected
php7.3	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Not affected	Not in release

CVE-2018-14553

Low priority

Some fixes available 14 of 24

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

6 affected packages

doxygen, libgd2, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
doxygen	Vulnerable	Vulnerable	Vulnerable	Not affected
libgd2	Fixed	Fixed	Fixed	Fixed
php5	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Not affected
php7.3	Not in release	Not in release	Not in release	Not in release

CVE-2020-7060

Medium priority

Fixed

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2020-7059

Medium priority

Fixed

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11050

Low priority

Fixed

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2019-11049

Medium priority

Not affected

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected
php7.3	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports