Search CVE reports


101 – 110 of 124 results


CVE-2018-19396

Medium priority
Not affected

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Not affected

CVE-2018-19395

Medium priority
Not affected

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Not affected

CVE-2018-17082

Medium priority
Fixed

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the...

3 affected packages

php7.2, php5, php7.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php7.2 Fixed
php5 Not in release
php7.0 Not in release

CVE-2018-15879

Medium priority
Fixed

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed
php5 Not in release
php7.0 Not in release
php7.2 Not affected
php7.3 Not in release

CVE-2018-15878

Medium priority
Fixed

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed
php5 Not in release
php7.0 Not in release
php7.2 Not affected
php7.3 Not in release

CVE-2018-15132

Medium priority
Not affected

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Not affected

CVE-2018-14884

Medium priority
Not affected

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Not affected

CVE-2018-14883

Medium priority
Fixed

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed

CVE-2018-14851

Low priority
Fixed

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release
php7.0 Not in release
php7.2 Fixed

CVE-2018-14553

Low priority

Some fixes available 15 of 26

gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked with an external libgd (not bundled).

6 affected packages

libgd2, php5, php7.0, php7.2, doxygen, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Not affected
doxygen Vulnerable Vulnerable Vulnerable Not affected
php7.3 Not in release Not in release Not in release Not in release