Search CVE reports
121 – 130 of 239 results
CVE-2017-9229
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9228
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9227
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9226
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9224
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...
4 affected packages
libonig, php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libonig | — | — | — | Fixed | Fixed |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9119
Low prioritySome fixes available 3 of 8
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-8923
Low prioritySome fixes available 4 of 9
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-6441
Negligible priority** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script....
3 affected packages
php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Ignored |
php7.1 | — | — | — | — | Not in release |
CVE-2017-7272
Low priorityPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use...
3 affected packages
php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Ignored |
php7.1 | — | — | — | — | Not in release |
CVE-2015-8994
Low priorityAn issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with...
3 affected packages
php5, php7.0, php7.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Not affected |
php7.1 | — | — | — | — | Not in release |