Vulnerabilities (CVE)

Vendor filter: Php

624 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11034 1 Php 1 Php 2019-04-19 6.4
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
CVE-2019-11035 1 Php 1 Php 2019-04-19 6.4
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.2.8, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
CVE-2019-9024 4 Php, Debian, Canonical and 1 more 4 Php, Debian Linux, Ubuntu Linux and 1 more 2019-04-17 5.0
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in...
CVE-2017-8923 1 Php 1 Php 2019-04-16 7.5
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly...
CVE-2019-6977 5 Libgd, Php, Debian and 2 more 5 Libgd, Php, Debian Linux and 2 more 2019-04-10 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow....
CVE-2019-9023 3 Php, Debian, Canonical 3 Php, Debian Linux, Ubuntu Linux 2019-03-21 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid...
CVE-2019-9022 3 Php, Debian, Canonical 3 Php, Debian Linux, Ubuntu Linux 2019-03-21 5.0
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the...
CVE-2019-9021 3 Php, Debian, Canonical 3 Php, Debian Linux, Ubuntu Linux 2019-03-21 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated...
CVE-2019-9020 3 Php, Debian, Canonical 3 Php, Debian Linux, Ubuntu Linux 2019-03-21 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is...
CVE-2017-9119 2 Php, Netapp 3 Php, Clustered Data Ontap, Storage Automation Store 2019-03-19 7.5
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data...
CVE-2017-9120 2 Php, Netapp 2 Php, Storage Automation Store 2019-03-19 7.5
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2017-9118 2 Php, Netapp 2 Php, Storage Automation Store 2019-03-19 5.0
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2018-10546 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-03-18 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2018-10548 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-03-18 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of...
CVE-2018-10545 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-03-18 1.9
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing...
CVE-2018-10547 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-03-15 4.3
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file....
CVE-2018-10549 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-03-15 6.8
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a...
CVE-2018-12882 3 Php, Canonical, Netapp 3 Php, Ubuntu Linux, Storage Automation Store 2019-03-12 7.5
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through...
CVE-2019-9641 2 Php, Debian 2 Php, Debian Linux 2019-03-11 7.5
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9675 1 Php 1 Php 2019-03-11 6.8
** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an...