CVE search results

291 – 300 of 635 results

Detailed view

Sort by:

CVE-2015-2787

Medium priority

Fixed

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

CVE-2015-2348

Low priority

Fixed

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

CVE-2015-2305

Medium priority

Some fixes available 29 of 83

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...

23 affected packages

alpine, clamav, cups, efl, haskell-regex-posix...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
alpine	Not affected	Not affected	Not affected	Not affected	Not affected
clamav	Fixed	Fixed	Fixed	Fixed	Fixed
cups	Not affected	Not affected	Not affected	Not affected	Not affected
efl	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-regex-posix	Not affected	Not affected	Not affected	Not affected	Not affected
knews	Not affected	Not affected	Not affected	Not affected	Not affected
librcsb-core-wrapper	Not affected	Not affected	Not affected	Not affected	Not affected
llvm-toolchain-3.4	Not in release	Not in release	Not in release	Not in release	Not in release
llvm-toolchain-3.5	Not in release	Not in release	Not in release	Not in release	Not affected
llvm-toolchain-3.6	Not in release	Not in release	Not in release	Not in release	Not affected
llvm-toolchain-snapshot	Not in release	Not in release	Not in release	Not in release	Not in release
newlib	Not affected	Not affected	Not affected	Not affected	Not affected
nvi	Not affected	Not affected	Not affected	Not affected	Vulnerable
olsrd	Not in release	Not in release	Not in release	Not affected	Not affected
openrpt	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
php5	Not in release	Not in release	Not in release	Not in release	Not in release
ptlib	Not in release	Not in release	Not in release	Not affected	Not affected
radare2	Not affected	Not in release	Not affected	Not affected	Vulnerable
sma	Not affected	Not affected	Not affected	Not affected	Not affected
vigor	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Not affected	Not affected
yap	Not in release	Not in release	Not in release	Not affected	Not affected
z88dk	Not in release	Not in release	Not in release	Not in release	Not affected

CVE-2014-9709

Low priority

Some fixes available 2 of 4

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF...

2 affected packages

libgd2, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	—	—	—	—	Not affected
php5	—	—	—	—	Not in release

CVE-2014-9653

Low priority

Some fixes available 1 of 5

readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which...

2 affected packages

file, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
file	—	—	Not affected	Not affected	Not affected
php5	—	—	Not in release	Not in release	Not in release

CVE-2015-2301

Medium priority

Fixed

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

CVE-2015-0273

Medium priority

Fixed

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

CVE-2015-0232

Medium priority

Fixed

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

CVE-2015-0231

Low priority

Fixed

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

CVE-2015-1352

Medium priority

Fixed

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer...

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports