Vulnerabilities > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-09 | CVE-2019-9638 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. | 5.0 |
| 2019-03-09 | CVE-2019-9637 | Permissions, Privileges, and Access Controls vulnerability in PHP An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. | 5.0 |
| 2019-02-22 | CVE-2019-9024 | Out-of-bounds Read vulnerability in PHP An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. | 5.0 |
| 2019-02-22 | CVE-2019-9022 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. | 5.0 |
| 2019-02-21 | CVE-2018-20783 | Out-of-bounds Read vulnerability in PHP In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. | 5.0 |
| 2018-12-28 | CVE-2018-1000888 | Deserialization of Untrusted Data vulnerability in multiple products PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. | 6.8 |
| 2018-12-07 | CVE-2018-19935 | NULL Pointer Dereference vulnerability in multiple products ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | 5.0 |
| 2018-11-25 | CVE-2018-19520 | Code Injection vulnerability in multiple products An issue was discovered in SDCMS 1.6 with PHP 5.x. | 6.5 |
| 2018-11-20 | CVE-2018-19396 | Deserialization of Untrusted Data vulnerability in PHP ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | 5.0 |
| 2018-11-20 | CVE-2018-19395 | NULL Pointer Dereference vulnerability in PHP ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). | 5.0 |