Search CVE reports
81 – 90 of 243 results
CVE-2019-9021
Medium priorityAn issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-9020
Medium priorityAn issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2018-20783
Low priorityIn PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to...
4 affected packages
php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2019-6978
Low priorityThe GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | — | Not affected | Fixed | Fixed |
php5 | — | — | Not in release | Not in release | Not in release |
php7.0 | — | — | Not in release | Not in release | Not affected |
php7.2 | — | — | Not in release | Not affected | Not in release |
php7.3 | — | — | Not in release | Not in release | Not in release |
CVE-2019-6977
Medium prioritygdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2018-19935
Medium priorityext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
5 affected packages
php-imap, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php-imap | — | — | — | Not in release | Not in release |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |
php7.3 | — | — | — | Not in release | Not in release |
CVE-2018-19518
Medium prioritySome fixes available 9 of 10
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function...
6 affected packages
php-imap, php5, php7.0, php7.2, php7.3, uw-imap
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php-imap | — | Not in release | Not in release | Not in release | Not in release |
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Fixed |
php7.2 | — | Not in release | Not in release | Fixed | Not in release |
php7.3 | — | Not in release | Not in release | Not in release | Not in release |
uw-imap | — | Not affected | Not affected | Fixed | Fixed |
CVE-2018-19396
Medium priorityext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
3 affected packages
php5, php7.0, php7.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
CVE-2018-19395
Medium priorityext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get...
3 affected packages
php5, php7.0, php7.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.2 | — | — | — | Not affected | Not in release |
CVE-2018-17082
Medium priorityThe Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the...
3 affected packages
php5, php7.0, php7.2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.2 | — | — | — | Fixed | Not in release |