CVE search results

101 – 110 of 124 results

Detailed view

Sort by:

CVE-2019-6977

Medium priority

Fixed

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
libgd2	—	—	—	Fixed
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected
php7.3	—	—	—	Not in release

CVE-2018-19935

Medium priority

Fixed

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

5 affected packages

php-imap, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php-imap	—	—	—	Not in release
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed
php7.3	—	—	—	Not in release

CVE-2018-19518

Medium priority

Some fixes available 9 of 10

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function...

6 affected packages

php-imap, php5, php7.0, php7.2, php7.3, uw-imap

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php-imap	—	Not in release	Not in release	Not in release
php5	—	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release
php7.2	—	Not in release	Not in release	Fixed
php7.3	—	Not in release	Not in release	Not in release
uw-imap	—	Not affected	Not affected	Fixed

CVE-2018-19396

Medium priority

Not affected

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected

CVE-2018-19395

Medium priority

Not affected

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected

CVE-2018-17082

Medium priority

Fixed

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the...

3 affected packages

php7.2, php5, php7.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.2	—	—	—	Fixed
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release

CVE-2018-15132

Medium priority

Not affected

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected

CVE-2018-14884

Medium priority

Not affected

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Not affected

CVE-2018-14883

Medium priority

Fixed

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php5	—	—	—	Not in release
php7.0	—	—	—	Not in release
php7.2	—	—	—	Fixed

CVE-2017-9120

Medium priority

Some fixes available 4 of 7

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

6 affected packages

php7.0, php7.2, php5, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
php7.0	Not in release	Not in release	Not in release	Not in release
php7.2	Not in release	Not in release	Not in release	Fixed
php5	Not in release	Not in release	Not in release	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports