CVE search results

131 – 140 of 644 results

Detailed view

Sort by:

CVE-2016-10397

Medium priority

Some fixes available 1 of 2

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	Not in release
php7.0	—	—	—	—	Not affected
php7.1	—	—	—	—	Not in release

CVE-2016-4473

Medium priority

Not affected

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	Not in release
php7.0	—	—	—	—	Not affected

CVE-2017-9225

Medium priority

Some fixes available 1 of 3

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Not affected
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9229

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9228

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9227

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9226

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9224

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9119

Low priority

Some fixes available 3 of 8

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

CVE-2017-8923

Low priority

Some fixes available 4 of 9

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports