Vulnerabilities > PHP > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-09 | CVE-2019-11041 | Out-of-bounds Read vulnerability in multiple products. When PHP EXIF extension is parsing EXIF information from an image, e.g. | 7.1 |
2019-03-11 | CVE-2019-9675 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. | 8.1 |
2019-03-09 | CVE-2019-9641 | Use of Uninitialized Resource vulnerability in multiple products. An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. | 7.5 |
2019-02-22 | CVE-2019-9025 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. An issue was discovered in PHP 7.3.x before 7.3.1. | 7.5 |
2019-02-22 | CVE-2019-9023 | Out-of-bounds Read vulnerability in PHP. An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. | 7.5 |
2019-02-22 | CVE-2019-9021 | Out-of-bounds Read vulnerability in PHP. An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. | 7.5 |
2019-02-22 | CVE-2019-9020 | Use After Free vulnerability in PHP. An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. | 7.5 |
2019-01-27 | CVE-2019-6977 | Out-of-bounds Write vulnerability in multiple products. gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. | 8.8 |
2018-11-25 | CVE-2018-19518 | Argument Injection or Modification vulnerability in multiple products. University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. | 7.5 |
2018-08-02 | CVE-2017-9120 | Integer Overflow or Wraparound vulnerability in multiple products. PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. | 7.5 |