CVE search results

101 – 110 of 635 results

Detailed view

Sort by:

CVE-2018-10545

Medium priority

Fixed

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl...

4 affected packages

php5, php7.0, php7.1, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release
php7.2	—	—	—	Fixed	Not in release

CVE-2018-7584

Medium priority

Fixed

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function...

4 affected packages

php5, php7.0, php7.1, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release
php7.2	—	—	—	Fixed	Not in release

CVE-2015-9253

Low priority

Fixed

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec,...

4 affected packages

php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.3	—	Not in release	Not in release	Not in release	Not in release

CVE-2016-10712

Low priority

Fixed

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.1	—	—	—	Not in release	Not in release

CVE-2018-5712

Medium priority

Fixed

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

4 affected packages

php5, php7.0, php7.1, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release
php7.2	—	—	—	Not affected	Not in release

CVE-2018-5711

Low priority

Some fixes available 9 of 10

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF...

4 affected packages

libgd2, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	—	—	Fixed	Fixed	Fixed
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Not affected
php7.1	—	—	Not in release	Not in release	Not in release

CVE-2017-16642

Low priority

Some fixes available 2 of 3

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak...

3 affected packages

php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.1	—	—	—	Not in release	Not in release

CVE-2017-14107

Low priority

Some fixes available 2 of 7

The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.

2 affected packages

libzip, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libzip	—	Not affected	Not affected	Fixed	Fixed
php5	—	Not in release	Not in release	Not in release	Not in release

CVE-2017-6362

Medium priority

Fixed

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

4 affected packages

libgd2, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	—	—	—	—	Fixed
php5	—	—	—	—	Not in release
php7.0	—	—	—	—	Not affected
php7.1	—	—	—	—	Not in release

CVE-2015-3211

Low priority

Not affected

php-fpm allows local users to write to or create arbitrary files via a symlink attack.

1 affected packages

php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports