Search CVE reports
141 – 150 of 262 results
Some fixes available 1 of 2
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated...
3 affected packages
php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | — |
| php7.0 | — | — | — | — |
| php7.1 | — | — | — | — |
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | — | — | — | — |
| php7.0 | — | — | — | — |
Some fixes available 1 of 3
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during...
4 affected packages
php7.1, libonig, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.1 | — | — | — | Not in release |
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...
4 affected packages
php7.1, libonig, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php7.1 | — | — | — | Not in release |
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
Some fixes available 7 of 10
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error...
4 affected packages
libonig, php5, php7.0, php7.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libonig | — | — | — | Fixed |
| php5 | — | — | — | Not in release |
| php7.0 | — | — | — | Not in release |
| php7.1 | — | — | — | Not in release |
Some fixes available 3 of 8
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Fixed |
| php7.4 | Not in release | Not in release | Fixed | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release |
Some fixes available 4 of 9
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash)...
6 affected packages
php5, php7.2, php7.4, php8.0, php8.1, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release |
| php7.2 | Not in release | Not in release | Not in release | Fixed |
| php7.4 | Not in release | Not in release | Fixed | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release |