Search CVE reports
131 – 140 of 248 results
CVE-2017-9228
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libonig | — | — | — | Fixed | Fixed |
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9227
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libonig | — | — | — | Fixed | Fixed |
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9226
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libonig | — | — | — | Fixed | Fixed |
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9224
Medium prioritySome fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libonig | — | — | — | Fixed | Fixed |
| php5 | — | — | — | Not in release | Not in release |
| php7.0 | — | — | — | Not in release | Fixed |
| php7.1 | — | — | — | Not in release | Not in release |
CVE-2017-9119
Low prioritySome fixes available 3 of 8
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-8923
Low prioritySome fixes available 4 of 9
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-6441
Negligible priority** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script....
3 affected packages
php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Ignored |
| php7.1 | — | — | — | — | Not in release |
CVE-2017-7272
Low priorityPHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use...
3 affected packages
php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Ignored |
| php7.1 | — | — | — | — | Not in release |
CVE-2015-8994
Low priorityAn issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with...
3 affected packages
php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
| php7.1 | — | — | — | — | Not in release |
CVE-2017-5630
Negligible priorityPECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses,...
4 affected packages
php-pear, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php-pear | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
| php7.1 | Not in release | Not in release | Not in release | Not in release | Not in release |