Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canonical php5 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec...
Php Php
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 EDB exploits
40 Github repositories
1 Article
9.8
CVSSv3
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows malicious users to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a ...
Oniguruma Project Oniguruma 6.9.2
Php Php
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 8.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
9.8
CVSSv3
CVE-2019-9641
An issue exists in the EXIF component in PHP prior to 7.1.27, 7.2.x prior to 7.2.16, and 7.3.x prior to 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
Php Php
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Leap 42.3
Netapp Storage Automation Store -
1 Github repository
9.8
CVSSv3
CVE-2019-9020
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-9021
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an malicious user to read allocated or unallocated memory past the actual data whe...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2019-9023
An issue exists in PHP prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr...
Php Php
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Netapp Storage Automation Store -
Opensuse Leap 42.3
9.8
CVSSv3
CVE-2018-7584
In PHP up to and including 5.6.33, 7.0.x prior to 7.0.28, 7.1.x up to and including 7.1.14, and 7.2.x up to and including 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper....
Php Php
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
9.8
CVSSv3
CVE-2008-2108
The GENERATE_SEED macro in PHP 4.x prior to 4.4.8 and 5.x prior to 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force ...
Php Php
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
9.8
CVSSv3
CVE-2008-0599
The init_request_info function in sapi/cgi/cgi_main.c in PHP prior to 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote malicious users to execute arbitrary code via a crafted URI.
Php Php
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Apple Mac Os X Server
Apple Mac Os X
9.1
CVSSv3
CVE-2019-11036
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Php Php
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Redhat Software Collections 1.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »