CVE search results

121 – 130 of 239 results

Detailed view

Sort by:

CVE-2017-9229

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9228

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9227

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9226

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9224

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...

4 affected packages

libonig, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libonig	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-9119

Low priority

Some fixes available 3 of 8

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

CVE-2017-8923

Low priority

Some fixes available 4 of 9

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

CVE-2017-6441

Negligible priority

Ignored

** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script....

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	Not in release
php7.0	—	—	—	—	Ignored
php7.1	—	—	—	—	Not in release

CVE-2017-7272

Low priority

Ignored

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	Not in release
php7.0	—	—	—	—	Ignored
php7.1	—	—	—	—	Not in release

CVE-2015-8994

Low priority

Fixed

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	Not in release
php7.0	—	—	—	—	Not affected
php7.1	—	—	—	—	Not in release

Export to JSON

Results by page:

Search CVE reports