Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

21 – 30 of 37 results

CVE-2017-11147

Medium priority

Some fixes available 1 of 2

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Not affected
php7.1 Not in release
Show less packages

CVE-2017-11145

Medium priority

Some fixes available 4 of 5

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter,...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Fixed
php7.1 Not in release
Show less packages

CVE-2017-11144

Medium priority

Some fixes available 4 of 5

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Fixed
php7.1 Not in release
Show less packages

CVE-2017-11143

Medium priority

Some fixes available 1 of 2

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Not affected
php7.1 Not in release
Show less packages

CVE-2016-10397

Medium priority

Some fixes available 1 of 2

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated...

3 affected packages

php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release
php7.0 Not affected
php7.1 Not in release
Show less packages

CVE-2017-9225

Medium priority

Some fixes available 1 of 3

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Not affected
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.1 Not in release Not in release
Show less packages

CVE-2017-9229

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release
Show less packages

CVE-2017-9228

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release
Show less packages

CVE-2017-9227

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling...

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release
Show less packages

CVE-2017-9226

Medium priority

Some fixes available 7 of 10

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation....

4 affected packages

libonig, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libonig Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.1 Not in release Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. Next page
Export to JSON