Product:

Php

(Php)
Repositories https://github.com/php/php-src
https://github.com/file/file
https://github.com/kkos/oniguruma
https://github.com/libgd/libgd
https://github.com/mysql/mysql-server
#Vulnerabilities 683
Date Id Summary Products Score Patch Annotated
2020-02-10 CVE-2020-7059 When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. Debian_linux, Leap, Communications_diameter_signaling_router, Php, Tenable\.sc 9.1
2020-02-10 CVE-2020-7060 When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. Debian_linux, Leap, Communications_diameter_signaling_router, Php, Tenable\.sc 9.1
2020-09-09 CVE-2020-7068 In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. Debian_linux, Php, Tenable\.sc 3.6
2020-02-27 CVE-2020-7061 In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash. Php, Tenable\.sc 9.1
2020-04-27 CVE-2020-7067 In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. Debian_linux, Communications_diameter_signaling_router, Php, Tenable\.sc 7.5
2020-02-27 CVE-2020-7063 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted. Debian_linux, Leap, Php, Tenable\.sc 5.3
2020-04-01 CVE-2020-7066 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. Debian_linux, Leap, Php, Tenable\.sc 4.3
2019-03-09 CVE-2019-9638 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections 7.5
2019-03-09 CVE-2019-9639 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections 7.5
2019-03-09 CVE-2019-9640 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. Ubuntu_linux, Debian_linux, Storage_automation_store, Leap, Php, Software_collections 7.5