| CVE-2020-7067 |  | Information Disclosure | out-of-bounds read when using a malformed url-encoded string | 2020-04-10 | 7.2.0 - 7.2.29
7.3.0 - 7.3.16
7.4.0 - 7.4.4
|
| CVE-2020-7064 |  | Information Disclosure | information disclosure in exif_read_data() function | 2020-04-01 | 7.2.0 - 7.2.8
7.3.0 - 7.3.15
7.4.0 - 7.4.3
|
| CVE-2020-7065 | | Remote Code Execution | by using mb_strtolower() function with UTF-32LE encoding leads to potential code execution | 2020-04-01 | 7.3.0 - 7.3.15
7.4.0 - 7.4.3
|
| CVE-2020-7066 | | Remote File Inclusion | information disclosure in function get_headers | 2020-04-01 | 7.2.0 - 7.2.8
7.3.0 - 7.3.15
7.4.0 - 7.4.3
|
| CVE-2020-7062 | | Denial of Service | NULL pointer dereference in PHP session upload progress | 2020-02-04 | 7.2.0 - 7.2.27
7.3.0 - 7.3.14
7.4.0 - 7.4.2
|
| CVE-2020-7061 | | Information Disclosure | heap-based buffer overflow in phar_extract_file | 2020-01-26 | 7.3.0 - 7.3.14
7.4.0 - 7.4.2
|
| CVE-2020-7059 | | Information Disclosure | Out of bounds read in php_strip_tags_ex | 2020-01-23 | 7.2.0 - 7.2.26
7.3.0 - 7.2.13
7.4.0 - 7.4.1
|
| CVE-2020-7060 | | Information Disclosure | Global buffer-overflow in mbfl_filt_conv_big5_wchar function | 2020-01-23 | 7.2.0 - 7.2.26
7.3.0 - 7.3.13
7.4.0 - 7.4.1
|
| CVE-2020-7063 | | Privilege Escalation | files added to tar with Phar::buildFromIterator have all-access permissions | 2020-01-08 | 7.2.0 - 7.2.27
7.3.0 - 7.3.14
7.4.0 - 7.4.2
|
| CVE-2019-11045 | | Privilege Escalation | PHP DirectoryIterator class accepts filenames with embedded null byte and treats them as terminating at that byte | 2019-12-22 | 7.2.0 - 7.2.25
7.3.0 - 7.3.12
7.4.0
|
