Search CVE reports


Toggle filters

81 – 90 of 113 results


CVE-2019-9637

Low priority
Fixed

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-9025

Medium priority
Not affected

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-9024

Medium priority
Fixed

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-9023

Medium priority
Fixed

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-9022

Medium priority
Fixed

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-9021

Medium priority
Fixed

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-9020

Medium priority
Fixed

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2018-20783

Low priority
Fixed

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-6978

Low priority
Fixed

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release
Show less packages

CVE-2019-6977

Medium priority
Fixed

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
Show less packages