Search CVE reports
511 – 520 of 50428 results
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 16.04 LTS |
|---|---|
| expat | Needs evaluation |
| apache2 | Not affected |
| apr-util | Not affected |
| cmake | Not affected |
| ghostscript | Not affected |
| texlive-bin | Not affected |
| xmlrpc-c | Ignored |
| vnc4 | Ignored |
| wbxml2 | Ignored |
| swish-e | Ignored |
| insighttoolkit4 | Ignored |
| cadaver | Ignored |
| gdcm | Ignored |
| ayttm | Ignored |
| cableswig | Ignored |
| coin3 | Ignored |
| matanza | Ignored |
| tdom | Ignored |
| vtk | Ignored |
| smart | Ignored |
| firefox | — |
| thunderbird | — |
| libxmltok | Ignored |
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Not affected |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Not affected |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Not affected |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |