Search CVE reports
41 – 50 of 243 results
CVE-2020-7068
Low priorityIn PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Fixed |
php7.2 | — | Not in release | Not in release | Fixed | Not in release |
php7.4 | — | Not in release | Fixed | Not in release | Not in release |
php8.0 | — | Not in release | Not in release | Not in release | Not in release |
php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2019-11048
Medium priorityIn PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage,...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Fixed |
php7.2 | — | — | Not in release | Fixed | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
php7.4 | — | — | Fixed | Not in release | Not in release |
CVE-2020-7067
Medium priorityIn PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2020-7066
Medium priorityIn PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Fixed |
php7.2 | — | — | Not in release | Fixed | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
php7.4 | — | — | Fixed | Not in release | Not in release |
CVE-2020-7065
Medium priorityIn PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Not affected |
php7.2 | — | — | Not in release | Not affected | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
php7.4 | — | — | Fixed | Not in release | Not in release |
CVE-2020-7064
Medium priorityIn PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Fixed |
php7.2 | — | — | Not in release | Fixed | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
php7.4 | — | — | Fixed | Not in release | Not in release |
CVE-2020-7063
Low priorityIn PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2020-7062
Low priorityIn PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2020-7061
Low priorityIn PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...
5 affected packages
php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
php7.4 | — | — | — | Not in release | Not in release |
CVE-2017-6363
Low prioritySome fixes available 4 of 6
** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...
6 affected packages
libgd2, php5, php7.0, php7.2, php7.3, php7.4
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | Not affected | Not affected | Fixed | Fixed | Fixed |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | Not in release |
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.4 | Not in release | Not in release | Not affected | Not in release | Not in release |