Search CVE reports

Toggle filters

121 – 130 of 259 results

CVE-2017-9227

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libonig Fixed
php5 Not in release
php7.0 Not in release
php7.1 Not in release
Show less packages

CVE-2017-9226

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libonig Fixed
php5 Not in release
php7.0 Not in release
php7.1 Not in release
Show less packages

CVE-2017-9225

Medium priority

Some fixes available 1 of 3

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during...

4 affected packages

php7.1, libonig, php5, php7.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.1 Not in release
libonig Fixed
php5 Not in release
php7.0 Not in release
Show less packages

CVE-2017-9224

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libonig Fixed
php5 Not in release
php7.0 Not in release
php7.1 Not in release
Show less packages

CVE-2017-9120

Medium priority

Some fixes available 4 of 7

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

6 affected packages

php7.0, php7.2, php5, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Fixed
php5 Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not in release Not affected Not in release Not in release
Show less packages

CVE-2017-9119

Low priority

Some fixes available 3 of 8

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not in release Not affected Not in release Not in release
Show less packages

CVE-2017-9118

Medium priority

Some fixes available 7 of 10

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

6 affected packages

php5, php7.4, php8.0, php8.1, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.4 Not in release Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not in release Fixed Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Fixed
Show less packages

CVE-2017-8923

Low priority

Some fixes available 4 of 9

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...

6 affected packages

php5, php7.2, php7.4, php8.0, php8.1, php7.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release Not in release
php8.1 Not in release Not affected Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
Show less packages

CVE-2017-7890

Medium priority
Fixed

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image...

4 affected packages

libgd2, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2
php5
php7.0
php7.1
Show less packages

CVE-2017-7272

Low priority
Ignored

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
php7.0
php7.1
Show less packages
  1. Previous page
  2. 11
  3. 12
  4. 13
  5. 14
  6. 15
  7. Next page
Export to JSON