Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

41 – 49 of 49 results

CVE-2020-7062

Low priority
Fixed

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages

CVE-2020-7061

Low priority
Not affected

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
php7.4 Not in release Not in release
Show less packages

CVE-2017-6363

Low priority

Some fixes available 4 of 18

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2...

7 affected packages

libgd2, libwmf, php5, php7.0, php7.2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Not affected Fixed Fixed Fixed
libwmf Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2017-7189

Low priority
Vulnerable

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...

7 affected packages

php5, php7.0, php7.2, php7.3, php7.4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Vulnerable
php7.2 Not in release Not in release Not in release Vulnerable Not in release
php7.3 Not in release Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Vulnerable Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release Not in release
php8.1 Not in release Vulnerable Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2017-9120

Medium priority

Some fixes available 4 of 7

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed Not in release
php7.4 Not in release Not in release Fixed Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release Not in release
php8.1 Not in release Not affected Not in release Not in release Not in release
Show less packages

CVE-2017-9118

Medium priority

Some fixes available 7 of 10

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed Not in release
php7.4 Not in release Not in release Fixed Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release Not in release
php8.1 Not in release Fixed Not in release Not in release Not in release
Show less packages

CVE-2017-9119

Low priority

Some fixes available 3 of 8

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed Not in release
php7.4 Not in release Not in release Fixed Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release Not in release
php8.1 Not in release Not affected Not in release Not in release Not in release
Show less packages

CVE-2017-8923

Low priority

Some fixes available 4 of 9

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed Not in release
php7.4 Not in release Not in release Fixed Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release Not in release
php8.1 Not in release Not affected Not in release Not in release Not in release
Show less packages

CVE-2016-9138

Low priority
Vulnerable

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Vulnerable
php7.2 Not in release Not in release Not in release Vulnerable Not in release
php7.4 Not in release Not in release Vulnerable Not in release Not in release
php8.0 Not in release Not in release Not in release Not in release Not in release
php8.1 Not in release Vulnerable Not in release Not in release Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON