Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

41 – 50 of 239 results

CVE-2020-7065

Medium priority
Fixed

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7064

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Fixed
php7.2 Not in release Fixed Not in release
php7.3 Not in release Not in release Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7063

Low priority
Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages

CVE-2020-7062

Low priority
Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages

CVE-2020-7061

Low priority
Not affected

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages

CVE-2017-6363

Low priority

Some fixes available 4 of 18

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...

7 affected packages

libgd2, libwmf, php5, php7.0, php7.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Not affected Fixed Fixed Fixed
libwmf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2018-14553

Low priority

Some fixes available 13 of 22

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

6 affected packages

doxygen, libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
doxygen Vulnerable Vulnerable Vulnerable Not affected Not affected
libgd2 Fixed Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-7060

Medium priority
Fixed

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2020-7059

Medium priority
Fixed

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2019-11050

Low priority
Fixed

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to...

4 affected packages

php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON