Vulnerabilities > PHP > High

DATE CVE VULNERABILITY TITLE RISK
2019-12-23 CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte.
network
low complexity
php tenable fedoraproject
7.5
2019-11-25 CVE-2019-19246 Out-of-bounds Read vulnerability in multiple products
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
7.5
2019-11-13 CVE-2010-4657 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2.
network
low complexity
php redhat debian CWE-772
7.5
2019-08-09 CVE-2019-11042 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
7.1
2019-08-09 CVE-2019-11041 Out-of-bounds Read vulnerability in multiple products
When PHP EXIF extension is parsing EXIF information from an image, e.g.
7.1
2019-07-10 CVE-2017-7189 Improper Input Validation vulnerability in PHP
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80.
network
low complexity
php CWE-20
7.5
2019-03-11 CVE-2019-9675 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3.
network
high complexity
php canonical opensuse CWE-119
8.1
2019-03-09 CVE-2019-9640 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php canonical debian opensuse netapp redhat CWE-125
7.5
2019-03-09 CVE-2019-9639 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-909
7.5
2019-03-09 CVE-2019-9638 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-125
7.5