Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-5300-2
HistoryMar 03, 2022 - 12:00 a.m.

PHP vulnerabilities

2022-03-0300:00:00
ubuntu.com
90

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON

Releases

  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • php7.2 - HTML-embedded scripting language interpreter
  • php7.4 - HTML-embedded scripting language interpreter

Details

USN-5300-1 fixed vulnerabilities in PHP. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchphp7.4-cgi< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchlibapache2-mod-php7.4< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchlibapache2-mod-php7.4-dbgsym< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchlibphp7.4-embed< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchlibphp7.4-embed-dbgsym< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchphp7.4< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchphp7.4-bcmath< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchphp7.4-bcmath-dbgsym< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchphp7.4-bz2< 7.4.3-4ubuntu2.10UNKNOWN
Ubuntu20.04noarchphp7.4-bz2-dbgsym< 7.4.3-4ubuntu2.10UNKNOWN
Rows per page:
1-10 of 1441

Related

nessus 52
osv 12
ubuntu 5
suse 11
openvas 12
debiancve 6
prion 6
ubuntucve 6
attackerkb 1
veracode 5
cve 6
f5 1
alpinelinux 2
cbl_mariner 4
redhatcve 5
mageia 2
altlinux 4
fedora 3
checkpoint_advisories 1
ibm 4
debian 2
oraclelinux 1
almalinux 1
redhat 3
rocky 1
rosalinux 1
oracle 1
nessus
nessus
Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5300-1)
2022-02-23 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-5300-2)
2022-03-03 00:00:00
EulerOS 2.0 SP8 : php (EulerOS-SA-2022-2477)
2022-10-09 00:00:00
osv
osv
php7.2, php7.4 vulnerabilities
2022-03-03 13:58:39
php7.0 vulnerabilities
2022-02-22 20:26:05
CVE-2017-9119
2017-05-21 19:29:00
ubuntu
ubuntu
PHP vulnerabilities
2022-03-07 00:00:00
PHP vulnerabilities
2022-02-22 00:00:00
PHP vulnerabilities
2018-09-18 00:00:00
suse
suse
Security update for php7 (moderate)
2022-03-02 00:00:00
Security update for php7 (moderate)
2018-09-07 15:10:36
Security update for php7 (moderate)
2022-03-04 00:00:00
openvas
openvas
PHP 'PHP-FPM' Denial of Service Vulnerability (Windows)
2018-02-20 00:00:00
PHP 'PHP-FPM' Denial of Service Vulnerability (Linux)
2018-02-20 00:00:00
PHP Integer Overflow Vulnerability Aug18 (Linux)
2018-08-06 00:00:00
debiancve
debiancve
CVE-2015-9253
2018-02-19 19:29:00
CVE-2017-9120
2018-08-02 15:29:00
CVE-2017-9119
2017-05-21 19:29:00
prion
prion
Code injection
2018-02-19 19:29:00
Integer overflow
2018-08-02 15:29:00
Design/Logic Flaw
2017-05-21 19:29:00
ubuntucve
ubuntucve
CVE-2015-9253
2018-02-19 00:00:00
CVE-2017-9119
2017-05-21 00:00:00
CVE-2017-9120
2018-08-02 00:00:00
attackerkb
attackerkb
CVE-2017-9120
2018-08-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-03-08 17:03:01
Denial Of Service (DoS)
2019-08-20 00:10:40
Denial Of Service (DoS)
2022-03-08 17:02:50
cve
cve
CVE-2017-9119
2017-05-21 19:29:00
CVE-2015-9253
2018-02-19 19:29:00
CVE-2017-9120
2018-08-02 15:29:00
f5
f5
K51753557 : PHP vulnerability CVE-2015-9253
2018-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2015-9253
2018-02-19 19:29:00
CVE-2021-21707
2021-11-29 07:15:00
cbl_mariner
cbl_mariner
CVE-2017-8923 affecting package php 7.4.14-3
2024-04-19 09:07:52
CVE-2017-9120 affecting package php 7.4.14-3
2024-04-19 09:07:52
CVE-2017-9118 affecting package php 7.4.14-3
2024-04-19 09:07:52
redhatcve
redhatcve
CVE-2017-9119
2017-05-30 10:20:59
CVE-2017-9118
2019-10-20 12:03:51
CVE-2017-9120
2018-08-03 02:49:00
mageia
mageia
Updated php packages fix security vulnerability
2021-12-24 00:01:45
Updated php packages fix security vulnerability
2021-11-20 22:31:06
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.33-alt1
2021-11-29 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.13-alt1
2021-12-01 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.0.13-alt1
2021-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: php-7.4.26-1.fc33
2021-11-25 01:05:22
[SECURITY] Fedora 35 Update: php-8.0.13-1.fc35
2021-11-26 01:22:42
[SECURITY] Fedora 34 Update: php-7.4.26-1.fc34
2021-11-25 00:59:03
checkpoint_advisories
checkpoint_advisories
PHP XML Parser Remote Code Execution (CVE-2021-21707)
2022-02-20 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect is affected by PHP (CVE-2015-9253) and nginx (CVE-2016-0746) vulnerabilities
2021-08-12 17:41:58
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP (CVE-2018-14851 CVE-2017-9118)
2019-04-15 15:25:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2018-17082 CVE-2018-14883 CVE-2018-14851 CVE-2017-9118)
2023-12-07 22:45:03
debian
debian
[SECURITY] [DSA 5082-1] php7.4 security update
2022-02-18 19:09:20
[SECURITY] [DLA 3243-1] php7.3 security update
2022-12-15 18:33:17
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2022-11-15 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 00:00:00
redhat
redhat
(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
2022-07-04 07:07:16
(RHSA-2019:2519) Moderate: rh-php71-php security, bug fix, and enhancement update
2019-08-19 08:09:18
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.8%

JSON
Related for USN-5300-2
nessus52osv12ubuntu5suse11openvas12debiancve6prion6ubuntucve6attackerkb1veracode5cve6f51alpinelinux2cbl_mariner4redhatcve5mageia2altlinux4fedora3checkpoint_advisories1ibm4debian2oraclelinux1almalinux1redhat3rocky1rosalinux1oracle1