Vulnerabilities (CVE)

Vendor: Php

633 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-9675 | 3 (Php, Canonical, Opensuse) | 3 (Php, Ubuntu Linux, Leap) | 2019-06-03 | 6.8
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an...
CVE-2019-9640 | 5 (Php, Canonical, Debian and 2 more) | 5 (Php, Ubuntu Linux, Debian Linux and 2 more) | 2019-06-03 | 5.0
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639 | 5 (Php, Canonical, Debian and 2 more) | 5 (Php, Ubuntu Linux, Debian Linux and 2 more) | 2019-06-03 | 5.0
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638 | 5 (Php, Debian, Canonical and 2 more) | 5 (Php, Debian Linux, Ubuntu Linux and 2 more) | 2019-06-03 | 5.0
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-9637 | 5 (Php, Debian, Canonical and 2 more) | 5 (Php, Debian Linux, Ubuntu Linux and 2 more) | 2019-06-03 | 5.0
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the...
CVE-2019-11035 | 3 (Php, Canonical, Netapp) | 3 (Php, Ubuntu Linux, Storage Automation Store) | 2019-06-03 | 6.4
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-11034 | 3 (Php, Canonical, Netapp) | 3 (Php, Ubuntu Linux, Storage Automation Store) | 2019-06-03 | 6.4
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2007-1864 | 4 (Php, Canonical, Debian and 1 more) | 5 (Php, Ubuntu Linux, Debian Linux and 2 more) | 2019-05-22 | 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
CVE-2017-11362 | 1 (Php) | 1 (Php) | 2019-05-22 | 7.5
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly...
CVE-2016-10712 | 2 (Php, Canonical) | 2 (Php, Ubuntu Linux) | 2019-05-22 | 5.0
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri =...
CVE-2018-20783 | 2 (Php, Opensuse) | 2 (Php, Leap) | 2019-05-22 | 5.0
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar...
CVE-2019-11037 | 1 (Php) | 1 (Imagick) | 2019-05-16 | 7.5
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to...
CVE-2015-4643 | 4 (Php, Redhat, Debian and 1 more) | 12 (Enterprise Linux Desktop, Enterprise Linux, Php and 9 more) | 2019-05-10 | 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based...
CVE-2015-9253 | 1 (Php) | 1 (Php) | 2019-04-26 | 6.8
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or...
CVE-2015-4024 | 5 (Hp, Apple, Php and 2 more) | 12 (Linux, Enterprise Linux Desktop, Enterprise Linux and 9 more) | 2019-04-22 | 5.0
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted...
CVE-2015-4022 | 3 (Apple, Php, Redhat) | 9 (Enterprise Linux Desktop, Enterprise Linux, Php and 6 more) | 2019-04-22 | 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer...
CVE-2015-4026 | 3 (Apple, Php, Redhat) | 9 (Enterprise Linux Desktop, Enterprise Linux, Php and 6 more) | 2019-04-22 | 7.5
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute...
CVE-2015-4602 | 2 (Php, Redhat) | 8 (Enterprise Linux Desktop, Enterprise Linux, Php and 5 more) | 2019-04-22 | 10.0
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code...
CVE-2015-3330 | 4 (Apple, Php, Oracle and 1 more) | 11 (Linux, Enterprise Linux Desktop, Enterprise Linux and 8 more) | 2019-04-22 | 6.8
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash)...
CVE-2015-4603 | 2 (Php, Redhat) | 8 (Enterprise Linux Desktop, Enterprise Linux, Php and 5 more) | 2019-04-22 | 10.0
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.