Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

91 – 100 of 644 results


CVE-2019-6978

Low priority
Fixed

The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Not affected Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not affected
php7.2 Not in release Not affected Not in release
php7.3 Not in release Not in release Not in release
Show less packages

CVE-2019-6977

Medium priority
Fixed

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2018-19935

Medium priority
Fixed

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

5 affected packages

php-imap, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-imap Not in release Not in release
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
php7.3 Not in release Not in release
Show less packages

CVE-2018-19518

Medium priority

Some fixes available 9 of 10

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function...

6 affected packages

php-imap, php5, php7.0, php7.2, php7.3, uw-imap

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-imap Not in release Not in release Not in release Not in release
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Fixed Not in release
php7.3 Not in release Not in release Not in release Not in release
uw-imap Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-19396

Medium priority
Not affected

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
Show less packages

CVE-2018-19395

Medium priority
Not affected

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
Show less packages

CVE-2018-17082

Medium priority
Fixed

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Fixed
php7.2 Fixed Not in release
Show less packages

CVE-2018-1000222

Medium priority
Fixed

Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double...

4 affected packages

libgd2, php5, php7.0, php7.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgd2 Fixed Fixed
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.1 Not in release Not in release
Show less packages

CVE-2018-15132

Medium priority
Not affected

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
Show less packages

CVE-2018-14884

Medium priority
Not affected

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c...

3 affected packages

php5, php7.0, php7.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not affected
php7.2 Not affected Not in release
Show less packages