Search CVE reports
201 – 210 of 644 results
CVE-2016-5385
Medium prioritySome fixes available 3 of 4
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-6214
Low prioritySome fixes available 2 of 3
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-6161
Low priorityThe output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-6132
Low prioritySome fixes available 2 of 3
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-6128
Medium priorityThe gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
3 affected packages
libgd2, php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libgd2 | — | — | — | — | Fixed |
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-5773
Low prioritySome fixes available 2 of 4
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-5772
Medium prioritySome fixes available 3 of 4
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-5771
Low prioritySome fixes available 1 of 3
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Not affected |
CVE-2016-5769
Medium prioritySome fixes available 3 of 4
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash)...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |
CVE-2016-5768
Medium prioritySome fixes available 2 of 3
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code...
2 affected packages
php5, php7.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | — | — | Not in release |
| php7.0 | — | — | — | — | Fixed |