Search CVE reports


Toggle filters

371 – 380 of 672 results


CVE-2014-0185

Medium priority

Some fixes available 3 of 4

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2014-2497

Low priority

Some fixes available 2 of 6

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

2 affected packages

libgd2, php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2
php5
Show less packages

CVE-2014-2270

Medium priority
Fixed

softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.

2 affected packages

file, php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
file
php5
Show less packages

CVE-2014-2020

Medium priority
Fixed

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2014-1943

Medium priority
Fixed

Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

2 affected packages

file, php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
file
php5
Show less packages

CVE-2013-7328

Medium priority
Fixed

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2013-7327

Medium priority
Fixed

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2013-7226

Medium priority
Fixed

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2012-1171

Low priority
Ignored

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages

CVE-2013-6420

Medium priority
Fixed

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5
Show less packages