Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

31 – 40 of 49 results

CVE-2020-7071

Low priority
Fixed

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Fixed Not in release
php7.4 Not in release Fixed Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release Not in release
Show less packages

CVE-2020-7070

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with...

4 affected packages

php5, php7.0, php7.2, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Fixed
php7.2 Not in release Fixed Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7069

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both...

4 affected packages

php5, php7.0, php7.2, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Fixed Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7068

Low priority
Fixed

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Fixed Not in release
php7.4 Not in release Fixed Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release Not in release
Show less packages

CVE-2019-11048

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage,...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Fixed
php7.2 Not in release Fixed Not in release
php7.3 Not in release Not in release Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7067

Medium priority
Not affected

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages

CVE-2020-7066

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Fixed
php7.2 Not in release Fixed Not in release
php7.3 Not in release Not in release Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7065

Medium priority
Fixed

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7064

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Fixed
php7.2 Not in release Fixed Not in release
php7.3 Not in release Not in release Not in release
php7.4 Fixed Not in release Not in release
Show less packages

CVE-2020-7063

Low priority
Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON