CVE search results

221 – 230 of 262 results

Detailed view

Sort by:

CVE-2016-5768

Medium priority

Some fixes available 2 of 3

Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code...

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-5766

Medium priority

Fixed

Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of...

3 affected packages

libgd2, php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	—
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2015-8935

Medium priority

Fixed

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct...

2 affected packages

php7.0, php5

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	—	—	—	—
php5	—	—	—	—

CVE-2016-5116

Low priority

Fixed

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service...

3 affected packages

php5, libgd2, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
libgd2	—	—	—	—
php7.0	—	—	—	—

CVE-2016-5114

Low priority

Some fixes available 2 of 3

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a...

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-5093

Low priority

Some fixes available 3 of 4

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a...

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2013-7456

Low priority

Fixed

gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly...

3 affected packages

php5, libgd2, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
libgd2	—	—	—	—
php7.0	—	—	—	—

CVE-2016-4346

Medium priority

Not affected

Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer...

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-4345

Medium priority

Not affected

Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string,...

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

CVE-2016-4344

Medium priority

Not affected

Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function,...

2 affected packages

php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	—
php7.0	—	—	—	—

Export to JSON

Results by page:

Search CVE reports