CVE search results

11 – 20 of 48 results

Detailed view

Sort by:

CVE-2020-7061

Low priority

Not affected

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release
php7.3	—	—	—	Not in release	Not in release
php7.4	—	—	—	Not in release	Not in release

CVE-2017-6363

Low priority

Some fixes available 4 of 18

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...

7 affected packages

libgd2, libwmf, php5, php7.0, php7.2...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	Not affected	Not affected	Fixed	Fixed	Fixed
libwmf	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Not affected
php7.2	Not in release	Not in release	Not in release	Not affected	Not in release
php7.3	Not in release	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Not affected	Not in release	Not in release

CVE-2018-14553

Low priority

Some fixes available 13 of 22

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

6 affected packages

doxygen, libgd2, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
doxygen	Vulnerable	Vulnerable	Vulnerable	Not affected	Not affected
libgd2	Fixed	Fixed	Fixed	Fixed	Fixed
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Not affected
php7.2	Not in release	Not in release	Not in release	Not affected	Not in release
php7.3	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2020-7060

Medium priority

Fixed

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2020-7059

Medium priority

Fixed

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2019-11050

Low priority

Fixed

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2019-11049

Medium priority

Not affected

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2019-11047

Low priority

Fixed

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2019-11046

Low priority

Fixed

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2019-11045

Low priority

Fixed

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g....

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports