Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

111 – 120 of 639 results

CVE-2017-16642

Low priority

Some fixes available 2 of 3

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release
Show less packages

CVE-2017-14107

Low priority

Some fixes available 2 of 7

The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.

2 affected packages

libzip, php5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libzip Not affected Not affected Fixed Fixed
php5 Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-6362

Medium priority
Fixed

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

4 affected packages

libgd2, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed
php5 Not in release
php7.0 Not affected
php7.1 Not in release
Show less packages

CVE-2015-3211

Low priority
Not affected

php-fpm allows local users to write to or create arbitrary files via a symlink attack.

1 affected packages

php5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5
Show less packages

CVE-2017-12934

Low priority
Not affected

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Not affected
php7.1 Not in release
Show less packages

CVE-2017-12932

Low priority

Some fixes available 1 of 2

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Fixed
php7.1 Not in release
Show less packages

CVE-2017-12933

Low priority
Fixed

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.1 Not in release Not in release
Show less packages

CVE-2017-7890

Medium priority
Fixed

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image...

4 affected packages

libgd2, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed
php5 Not in release
php7.0 Not affected
php7.1 Not in release
Show less packages

CVE-2017-11628

Medium priority
Fixed

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE:...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Fixed
php7.1 Not in release
Show less packages

CVE-2017-11362

Low priority

Some fixes available 4 of 5

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release
Show less packages
  1. Previous page
  2. 10
  3. 11
  4. 12
  5. 13
  6. 14
  7. Next page
Export to JSON