Search CVE reports
121 – 130 of 635 results
CVE-2017-11143
Medium prioritySome fixes available 1 of 2
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty...
3 affected packages
php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Not affected |
php7.1 | — | — | — | — | Not in release |
CVE-2016-10397
Medium prioritySome fixes available 1 of 2
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated...
3 affected packages
php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Not affected |
php7.1 | — | — | — | — | Not in release |
CVE-2016-4473
Medium priority/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Not affected |
CVE-2017-9225
Medium prioritySome fixes available 1 of 3
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Not affected |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Not affected |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9229
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9228
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9227
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9226
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9224
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9119
Low prioritySome fixes available 3 of 8
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |