CVE search results

91 – 100 of 248 results

Detailed view

Sort by:

CVE-2018-19935

Medium priority

Fixed

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

5 affected packages

php-imap, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php-imap	—	—	—	Not in release	Not in release
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release
php7.3	—	—	—	Not in release	Not in release

CVE-2018-19518

Medium priority

Some fixes available 9 of 10

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function...

6 affected packages

php-imap, php5, php7.0, php7.2, php7.3, uw-imap

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php-imap	—	Not in release	Not in release	Not in release	Not in release
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.3	—	Not in release	Not in release	Not in release	Not in release
uw-imap	—	Not affected	Not affected	Fixed	Fixed

CVE-2018-19396

Medium priority

Not affected

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release

CVE-2018-19395

Medium priority

Not affected

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release

CVE-2018-17082

Medium priority

Fixed

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release

CVE-2018-1000222

Medium priority

Fixed

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double...

4 affected packages

libgd2, php5, php7.0, php7.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	—	—	—	Fixed	Fixed
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.1	—	—	—	Not in release	Not in release

CVE-2018-15132

Medium priority

Not affected

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release

CVE-2018-14884

Medium priority

Not affected

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c...

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Not affected
php7.2	—	—	—	Not affected	Not in release

CVE-2018-14883

Medium priority

Fixed

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

3 affected packages

php5, php7.0, php7.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	—	Not in release	Not in release
php7.0	—	—	—	Not in release	Fixed
php7.2	—	—	—	Fixed	Not in release

CVE-2017-9120

Medium priority

Some fixes available 4 of 7

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

Export to JSON

Results by page:

Search CVE reports