Search for packages
| purl | pkg:deb/ubuntu/php7.0@7.0.33-0ubuntu0.16.04.15 |
| Next non-vulnerable version | 7.0.33-0ubuntu0.16.04.16 |
| Latest non-vulnerable version | 7.0.33-0ubuntu0.16.04.16 |
| Risk | 3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3wkt-v868-aaae
Aliases: CVE-2020-7070 |
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-pmx1-7vev-aaaj | In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. |
CVE-2019-11048
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|