Search CVE reports
291 – 300 of 635 results
CVE-2015-2787
Medium priorityUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
CVE-2015-2348
Low priorityThe move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
CVE-2015-2305
Medium prioritySome fixes available 29 of 83
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to...
23 affected packages
alpine, clamav, cups, efl, haskell-regex-posix...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
alpine | Not affected | Not affected | Not affected | Not affected | Not affected |
clamav | Fixed | Fixed | Fixed | Fixed | Fixed |
cups | Not affected | Not affected | Not affected | Not affected | Not affected |
efl | Not affected | Not affected | Not affected | Not affected | Not affected |
haskell-regex-posix | Not affected | Not affected | Not affected | Not affected | Not affected |
knews | Not affected | Not affected | Not affected | Not affected | Not affected |
librcsb-core-wrapper | Not affected | Not affected | Not affected | Not affected | Not affected |
llvm-toolchain-3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
llvm-toolchain-3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
llvm-toolchain-snapshot | Not in release | Not in release | Not in release | Not in release | Not in release |
newlib | Not affected | Not affected | Not affected | Not affected | Not affected |
nvi | Not affected | Not affected | Not affected | Not affected | Vulnerable |
olsrd | Not in release | Not in release | Not in release | Not affected | Not affected |
openrpt | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
ptlib | Not in release | Not in release | Not in release | Not affected | Not affected |
radare2 | Not affected | Not in release | Not affected | Not affected | Vulnerable |
sma | Not affected | Not affected | Not affected | Not affected | Not affected |
vigor | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Not affected | Not affected |
yap | Not in release | Not in release | Not in release | Not affected | Not affected |
z88dk | Not in release | Not in release | Not in release | Not in release | Not affected |
CVE-2014-9709
Low prioritySome fixes available 2 of 4
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF...
2 affected packages
libgd2, php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | — | — | — | Not affected |
php5 | — | — | — | — | Not in release |
CVE-2014-9653
Low prioritySome fixes available 1 of 5
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which...
2 affected packages
file, php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
file | — | — | Not affected | Not affected | Not affected |
php5 | — | — | Not in release | Not in release | Not in release |
CVE-2015-2301
Medium priorityUse-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
CVE-2015-0273
Medium priorityMultiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
CVE-2015-0232
Medium priorityThe exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
CVE-2015-0231
Low priorityUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |
CVE-2015-1352
Medium priorityThe build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer...
1 affected packages
php5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | — | — | — | — |