Search CVE reports


Toggle filters

11 – 20 of 50 results


CVE-2020-7060

Medium priority
Fixed

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2020-7059

Medium priority
Fixed

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2019-9675

Low priority
Fixed

An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an...

4 affected packages

php7.2, php5, php7.0, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.2 Fixed
php5 Not in release
php7.0 Not in release
php7.3 Not in release
Show less packages

CVE-2019-9641

Medium priority
Fixed

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2019-9640

Medium priority
Fixed

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.

4 affected packages

php7.0, php5, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.0 Not in release
php5 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2019-9639

Medium priority
Fixed

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2019-9638

Medium priority
Fixed

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the...

4 affected packages

php7.3, php7.2, php5, php7.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.3 Not in release
php7.2 Fixed
php5 Not in release
php7.0 Not in release
Show less packages

CVE-2019-9637

Low priority
Fixed

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages

CVE-2019-9025

Medium priority
Not affected

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which...

4 affected packages

php7.2, php7.3, php5, php7.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.2 Not affected
php7.3 Not in release
php5 Not in release
php7.0 Not in release
Show less packages

CVE-2019-9024

Medium priority
Fixed

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed
php7.3 Not in release
Show less packages