Search CVE reports
61 – 70 of 639 results
CVE-2010-4657
Negligible priorityPHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
CVE-2019-11043
Medium priorityIn PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-11042
Medium priorityWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-11041
Medium priorityWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2017-7189
Low prioritymain/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...
7 affected packages
php5, php7.0, php7.2, php7.3, php7.4...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
php7.2 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.4 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
CVE-2019-13224
Medium prioritySome fixes available 15 of 39
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression....
8 affected packages
groonga, libevhtp, libonig, mudlet, php5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
groonga | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
libevhtp | Not affected | Not affected | Not affected | Not affected | Vulnerable |
libonig | Fixed | Fixed | Fixed | Fixed | Fixed |
mudlet | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | Not in release |
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2019-11038
Low prioritySome fixes available 3 of 5
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | — | Not affected | Fixed | Fixed |
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Not affected |
php7.2 | — | — | Not in release | Not affected | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
CVE-2019-11040
Medium priorityWhen PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-11039
Medium priorityFunction iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-11036
Low priorityWhen processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |