CVE search results

131 – 140 of 259 results

Detailed view

Sort by:

CVE-2017-7189

Low priority

Vulnerable

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...

7 affected packages

php5, php7.4, php8.0, php8.1, php7.0...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Vulnerable	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Vulnerable	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Vulnerable
php7.3	Not in release	Not in release	Not in release	Not in release

CVE-2017-6441

Negligible priority

Ignored

The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—
php7.1	—	—	—	—

CVE-2017-6363

Low priority

Some fixes available 4 of 6

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats...

6 affected packages

libgd2, php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	Not affected	Not affected	Fixed	Fixed
php5	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Not affected
php7.3	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Not affected	Not in release

CVE-2017-6362

Medium priority

Fixed

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

4 affected packages

libgd2, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	—
php5	—	—	—	—
php7.0	—	—	—	—
php7.1	—	—	—	—

CVE-2017-5630

Negligible priority

Vulnerable

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses,...

4 affected packages

php-pear, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php-pear	Vulnerable	Vulnerable	Vulnerable	Vulnerable
php5	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release
php7.1	Not in release	Not in release	Not in release	Not in release

CVE-2017-5340

Medium priority

Fixed

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow,...

1 affected package

php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	—

CVE-2017-16642

Low priority

Some fixes available 2 of 3

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.1	—	—	—	Not in release

CVE-2017-12934

Low priority

Not affected

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—
php7.1	—	—	—	—

CVE-2017-12933

Low priority

Fixed

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue...

3 affected packages

php7.0, php5, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	Not in release
php5	—	—	—	Not in release
php7.1	—	—	—	Not in release

CVE-2017-12932

Low priority

Some fixes available 1 of 2

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—
php7.1	—	—	—	—

Export to JSON

Results by page:

Search CVE reports