Search CVE reports
11 – 18 of 18 results
CVE-2020-7071
Low priorityIn PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2020-7068
Low priorityIn PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2017-7189
Low prioritymain/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...
7 affected packages
php5, php7.0, php7.2, php7.3, php7.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| php7.2 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.4 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
CVE-2017-9120
Medium prioritySome fixes available 4 of 7
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-9118
Medium prioritySome fixes available 7 of 10
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
CVE-2017-9119
Low prioritySome fixes available 3 of 8
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-8923
Low prioritySome fixes available 4 of 9
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2016-9138
Low priorityPHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| php7.2 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| php7.4 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Vulnerable | Not in release | Not in release | Not in release |