Search CVE reports
71 – 80 of 659 results
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Not affected |
| php7.3 | — | — | — | Not in release |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g....
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities,...
4 affected packages
php7.2, php7.3, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.2 | — | — | — | Not affected |
| php7.3 | — | — | — | Not in release |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
1 affected package
php5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | — |
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will...
4 affected packages
php5, php7.0, php7.2, php7.3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.2 | — | — | — | Fixed |
| php7.3 | — | — | — | Not in release |