Search CVE reports


Toggle filters

251 – 260 of 672 results


CVE-2015-8879

Negligible priority
Ignored

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2015-8878

Medium priority
Not affected

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2015-8867

Medium priority
Fixed

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote...

2 affected packages

php5, php7.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
php7.0
Show less packages

CVE-2015-8866

Medium priority
Fixed

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2015-8877

Low priority
Fixed

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a...

3 affected packages

libgd2, php5, php7.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2
php5
php7.0
Show less packages

CVE-2015-8876

Medium priority

Some fixes available 2 of 3

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2015-4642

Medium priority
Not affected

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2014-0236

Medium priority
Not affected

file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to...

2 affected packages

file, php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
file
php5
Show less packages

CVE-2015-8874

Low priority
Fixed

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

3 affected packages

libgd2, php5, php7.0

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2
php5
php7.0
Show less packages

CVE-2015-8873

Low priority

Some fixes available 2 of 3

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages