Search CVE reports
231 – 239 of 239 results
CVE-2016-3185
Medium priorityThe make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a...
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Not affected |
CVE-2016-2554
Medium priorityStack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a...
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
php7.0 | — | — | — | — | — |
CVE-2016-1904
Medium priorityMultiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2)...
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
php7.0 | — | — | — | — | — |
CVE-2016-1903
Low prioritySome fixes available 2 of 3
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service...
3 affected packages
libgd2, php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | — | — | — | Not affected |
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Not affected |
CVE-2015-8865
Low prioritySome fixes available 5 of 7
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent...
3 affected packages
file, php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file | — | — | — | Not affected | Not affected |
php5 | — | — | — | Not in release | Not in release |
php7.0 | — | — | — | Not in release | Fixed |
CVE-2015-8838
Medium priorityext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade...
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
php7.0 | — | — | — | — | — |
CVE-2015-8835
Medium priorityThe make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL...
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
php7.0 | — | — | — | — | — |
CVE-2013-6501
Negligible priorityThe default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a...
2 affected packages
php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | Not in release |
php7.0 | — | — | — | — | Ignored |
CVE-2014-9767
Low prioritySome fixes available 3 of 4
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers...
3 affected packages
hhvm, php5, php7.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hhvm | Not in release | Not in release | Not in release | Not affected | Vulnerable |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |