Search CVE reports


491 – 500 of 672 results


CVE-2009-4142

Medium priority
Fixed

The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-2626

Medium priority
Fixed

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-3559

Low priority
Not affected

main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-4018

Low priority
Fixed

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-4017

Medium priority
Fixed

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion),...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-3558

Medium priority
Fixed

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-3557

Low priority
Fixed

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-3546

Medium priority
Fixed

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer...

2 affected packages

libgd2, php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2
php5

CVE-2009-3294

Medium priority
Not affected

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1)...

1 affected package

php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5

CVE-2009-3293

Low priority
Fixed

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

2 affected packages

libgd2, php5

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2
php5