cmotta2016/apache

Region: us-east-2
Scan Summary
High vulnerabilities: 17
Malicious files: 0
Last scan: 1 year, 10 months ago
Type of scan: Prevasio CSPM
Scan duration: 2 minutes and 47 seconds

Image Details
Image URI: 531239714189.dkr.ecr.us-east-2.amazonaws.com/cmotta2016/apache
Image tags: latest
Digest: sha256:570a377ec7621c2e2a688ac6c2f9ed54ad9ebd0c68019dc4971b273ef3512541
Created: 7 years ago
Compressed size: 107.99 MB
Uncompressed size: 255.55 MB
OS/architecture: linux/amd64
OS distribution: ubuntu 14.04 (reached end of life)
Working directory:
ENTRYPOINT:
CMD: /usr/bin/supervisord
User:
Ports: 443/tcp, 80/tcp
Volumes:
Environment variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Overview
Critical: 0
High: 17
Medium: 925
Low: 481
Informational: 0
Vulnerabilities (1,000)
Severity Name Package Version Fixed in Description Package:version
High CVE-2016-1252 apt 1.0.1ubuntu2.14 1.0.1ubuntu2.17 The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... apt:1.0.1ubuntu2.14
High CVE-2019-3462 apt 1.0.1ubuntu2.14 1.0.1ubuntu2.19 Incorrect sanitation of the 302 redirect field in HTTP transport metho ... apt:1.0.1ubuntu2.14
High CVE-2016-1252 apt-utils 1.0.1ubuntu2.14 1.0.1ubuntu2.17 The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... apt-utils:1.0.1ubuntu2.14
High CVE-2019-3462 apt-utils 1.0.1ubuntu2.14 1.0.1ubuntu2.19 Incorrect sanitation of the 302 redirect field in HTTP transport metho ... apt-utils:1.0.1ubuntu2.14
High CVE-2016-6313 gnupg 1.4.16-1ubuntu2.3 1.4.16-1ubuntu2.4 libgcrypt: PRNG output is predictable gnupg:1.4.16-1ubuntu2.3
High CVE-2016-6313 gpgv 1.4.16-1ubuntu2.3 1.4.16-1ubuntu2.4 libgcrypt: PRNG output is predictable gpgv:1.4.16-1ubuntu2.3
High CVE-2016-1252 libapt-inst1.5 1.0.1ubuntu2.14 1.0.1ubuntu2.17 The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... libapt-inst1.5:1.0.1ubuntu2.14
High CVE-2019-3462 libapt-inst1.5 1.0.1ubuntu2.14 1.0.1ubuntu2.19 Incorrect sanitation of the 302 redirect field in HTTP transport metho ... libapt-inst1.5:1.0.1ubuntu2.14
High CVE-2016-1252 libapt-pkg4.12 1.0.1ubuntu2.14 1.0.1ubuntu2.17 The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... libapt-pkg4.12:1.0.1ubuntu2.14
High CVE-2019-3462 libapt-pkg4.12 1.0.1ubuntu2.14 1.0.1ubuntu2.19 Incorrect sanitation of the 302 redirect field in HTTP transport metho ... libapt-pkg4.12:1.0.1ubuntu2.14
High CVE-2018-1000001 libc-bin 2.19-0ubuntu6.9 2.19-0ubuntu6.14 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation libc-bin:2.19-0ubuntu6.9
High CVE-2018-1000001 libc6 2.19-0ubuntu6.9 2.19-0ubuntu6.14 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation libc6:2.19-0ubuntu6.9
High CVE-2016-6313 libgcrypt11 1.5.3-2ubuntu4.3 1.5.3-2ubuntu4.4 libgcrypt: PRNG output is predictable libgcrypt11:1.5.3-2ubuntu4.3
High CVE-2016-6304 libssl1.0.0 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.20 openssl: OCSP Status Request extension unbounded memory growth libssl1.0.0:1.0.1f-1ubuntu2.19
High CVE-2018-1000001 multiarch-support 2.19-0ubuntu6.9 2.19-0ubuntu6.14 glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation multiarch-support:2.19-0ubuntu6.9
High CVE-2016-6304 openssl 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.20 openssl: OCSP Status Request extension unbounded memory growth openssl:1.0.1f-1ubuntu2.19
High CVE-2017-1000367 sudo 1.8.9p5-1ubuntu1.2 1.8.9p5-1ubuntu1.4 sudo: Privilege escalation in via improper get_process_ttyname() parsing sudo:1.8.9p5-1ubuntu1.2
Medium CVE-2016-0736 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: Padding Oracle in Apache mod_session_crypto apache2:2.4.7-1ubuntu4.9
Medium CVE-2016-5387 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.13 Apache HTTPD: sets environmental variable based on user supplied Proxy request header apache2:2.4.7-1ubuntu4.9
Medium CVE-2016-8743 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: Apache HTTP Request Parsing Whitespace Defects apache2:2.4.7-1ubuntu4.9
Medium CVE-2017-3167 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: ap_get_basic_auth_pw() authentication bypass apache2:2.4.7-1ubuntu4.9
Medium CVE-2017-3169 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: mod_ssl NULL pointer dereference apache2:2.4.7-1ubuntu4.9
Medium CVE-2017-7668 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: ap_find_token() buffer overread apache2:2.4.7-1ubuntu4.9
Medium CVE-2017-9788 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.17 httpd: Uninitialized memory reflection in mod_auth_digest apache2:2.4.7-1ubuntu4.9
Medium CVE-2017-9798 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.18 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) apache2:2.4.7-1ubuntu4.9
Medium CVE-2019-0217 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: mod_auth_digest: access control bypass due to race condition apache2:2.4.7-1ubuntu4.9
Medium CVE-2016-0736 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: Padding Oracle in Apache mod_session_crypto apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2016-5387 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.13 Apache HTTPD: sets environmental variable based on user supplied Proxy request header apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2016-8743 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: Apache HTTP Request Parsing Whitespace Defects apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2017-3167 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: ap_get_basic_auth_pw() authentication bypass apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2017-3169 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: mod_ssl NULL pointer dereference apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2017-7668 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: ap_find_token() buffer overread apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2017-9788 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.17 httpd: Uninitialized memory reflection in mod_auth_digest apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2017-9798 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.18 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2019-0217 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: mod_auth_digest: access control bypass due to race condition apache2-bin:2.4.7-1ubuntu4.9
Medium CVE-2016-0736 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: Padding Oracle in Apache mod_session_crypto apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2016-5387 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.13 Apache HTTPD: sets environmental variable based on user supplied Proxy request header apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2016-8743 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: Apache HTTP Request Parsing Whitespace Defects apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2017-3167 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: ap_get_basic_auth_pw() authentication bypass apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2017-3169 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: mod_ssl NULL pointer dereference apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2017-7668 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: ap_find_token() buffer overread apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2017-9788 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.17 httpd: Uninitialized memory reflection in mod_auth_digest apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2017-9798 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.18 httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2019-0217 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: mod_auth_digest: access control bypass due to race condition apache2-data:2.4.7-1ubuntu4.9
Medium CVE-2016-7543 bash 4.3-7ubuntu1.5 4.3-7ubuntu1.7 bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution bash:4.3-7ubuntu1.5
Medium CVE-2015-9261 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: Segmentation fault when unzipping specially crafted zip file busybox-initramfs:1:1.21.0-1ubuntu1
Medium CVE-2017-16544 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: Insufficient sanitization of filenames when autocompleting busybox-initramfs:1:1.21.0-1ubuntu1
Medium CVE-2018-1000517 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: wget: Heap-based buffer overflow in the retrieve_file_data() function busybox-initramfs:1:1.21.0-1ubuntu1
Medium CVE-2019-5747 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: Out of bounds read in udhcp components resulting in information disclosure busybox-initramfs:1:1.21.0-1ubuntu1
Medium CVE-2017-6964 eject 2.1.5+deb1+cvs20081104-13.1 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 dmcrypt-get-device, as shipped in the eject package of Debian and Ubun ... eject:2.1.5+deb1+cvs20081104-13.1
Medium CVE-2016-5384 fontconfig-config 2.11.0-0ubuntu4.1 2.11.0-0ubuntu4.2 fontconfig: Possible double free due to insufficiently validated cache files fontconfig-config:2.11.0-0ubuntu4.1
Medium CVE-2017-7526 gnupg 1.4.16-1ubuntu2.3 1.4.16-1ubuntu2.6 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery gnupg:1.4.16-1ubuntu2.3
Medium CVE-2018-12020 gnupg 1.4.16-1ubuntu2.3 1.4.16-1ubuntu2.5 gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification gnupg:1.4.16-1ubuntu2.3
Medium CVE-2017-7526 gpgv 1.4.16-1ubuntu2.3 1.4.16-1ubuntu2.6 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery gpgv:1.4.16-1ubuntu2.3
Medium CVE-2018-12020 gpgv 1.4.16-1ubuntu2.3 1.4.16-1ubuntu2.5 gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification gpgv:1.4.16-1ubuntu2.3
Medium CVE-2018-5732 isc-dhcp-client 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server isc-dhcp-client:4.2.4-7ubuntu12.4
Medium CVE-2018-5733 isc-dhcp-client 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: Reference count overflow in dhcpd allows denial of service isc-dhcp-client:4.2.4-7ubuntu12.4
Medium CVE-2018-5732 isc-dhcp-common 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server isc-dhcp-common:4.2.4-7ubuntu12.4
Medium CVE-2018-5733 isc-dhcp-common 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: Reference count overflow in dhcpd allows denial of service isc-dhcp-common:4.2.4-7ubuntu12.4
Medium CVE-2015-8629 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: xdr_nullstring() doesn't check for terminating null character krb5-locales:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8630 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask krb5-locales:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8631 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Memory leak caused by supplying a null principal name in request krb5-locales:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3119 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: null pointer dereference in kadmin krb5-locales:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3120 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: S4U2Self KDC crash when anon is restricted krb5-locales:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11368 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure krb5-locales:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8876 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Zend/zend_exceptions.c does not validate certain Exception objects libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: HTTP response splitting in header() function libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect handling of URI components in URL parser libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 PHP: sets environmental variable based on user supplied Proxy request header libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Improper error handling in bzread() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double free in _php_mb_regex_ereg_replace_exec libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double Free Corruption in wddx_deserialize libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Buffer over-read in php_url_parse_ex libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer overflow leads to buffer overflow in virtual_file_ex libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in unserialize() with Unexpected Session Deserialization libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Null pointer dereference in exif_process_user_comment libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in locale_accept_from_http libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in SNMP with GC and unserialize() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: imagegammacorrect allows arbitrary write access libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize allows illegal memory access libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference with invalid xml libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference in php_wddx_pop_element libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Memory corruption when destructing deserialized object libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Use after free in wddx_deserialize libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Missing type check when unserializing SplArray libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Unserialize Exception object can lead to infinite loop libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Invalid read when wddx decodes empty boolean element libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect WDDX deserialization of boolean parameters leads to DoS libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect return value check of OpenSSL sealing function leads to crash libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: wddx_deserialize() heap out-of-bound read via php_parse_date() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Out-of-bounds read in phar_parse_pharfile libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds heap write in bitset_set_range() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Invalid pointer dereference in left_adjust_char_head() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Dumpable FPM child processes allow bypassing opcache access controls libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.23 php: Reflected XSS on PHAR 404 page libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.24 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Invalid memory access in function xmlrpc_decode() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in PHAR reading functions libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: memcpy with negative length via crafted DNS response libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in mbstring regular expression functions libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Invalid read in exif_process_SOFn() libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_TIFF libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11103 libasn1-8-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libasn1-8-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2015-8982 libc-bin 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: multiple overflows in strxfrm() libc-bin:2.19-0ubuntu6.9
Medium CVE-2015-8983 libc-bin 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: _IO_wstr_overflow integer overflow libc-bin:2.19-0ubuntu6.9
Medium CVE-2015-8984 libc-bin 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: potential denial of service in internal_fnmatch() libc-bin:2.19-0ubuntu6.9
Medium CVE-2017-1000366 libc-bin 2.19-0ubuntu6.9 2.19-0ubuntu6.13 glibc: heap/stack gap jumping via unbounded stack allocations libc-bin:2.19-0ubuntu6.9
Medium CVE-2015-8982 libc6 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: multiple overflows in strxfrm() libc6:2.19-0ubuntu6.9
Medium CVE-2015-8983 libc6 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: _IO_wstr_overflow integer overflow libc6:2.19-0ubuntu6.9
Medium CVE-2015-8984 libc6 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: potential denial of service in internal_fnmatch() libc6:2.19-0ubuntu6.9
Medium CVE-2017-1000366 libc6 2.19-0ubuntu6.9 2.19-0ubuntu6.13 glibc: heap/stack gap jumping via unbounded stack allocations libc6:2.19-0ubuntu6.9
Medium CVE-2017-10140 libdb5.3 5.3.28-3ubuntu3 5.3.28-3ubuntu3.1 libdb: Reads DB_CONFIG from the current working directory libdb5.3:5.3.28-3ubuntu3
Medium CVE-2015-0245 libdbus-1-3 1.6.18-0ubuntu4.3 1.6.18-0ubuntu4.4 dbus: denial of service in dbus systemd activation libdbus-1-3:1.6.18-0ubuntu4.3
Medium CVE-2012-6702 libexpat1 2.1.0-4ubuntu1.2 2.1.0-4ubuntu1.3 expat: Using XML_Parse before rand() results into non-random output libexpat1:2.1.0-4ubuntu1.2
Medium CVE-2016-5300 libexpat1 2.1.0-4ubuntu1.2 2.1.0-4ubuntu1.3 expat: Little entropy used for hash initialization libexpat1:2.1.0-4ubuntu1.2
Medium CVE-2017-9233 libexpat1 2.1.0-4ubuntu1.2 2.1.0-4ubuntu1.4 expat: Inifinite loop due to invalid XML in external entity libexpat1:2.1.0-4ubuntu1.2
Medium CVE-2017-1000376 libffi6 3.1~rc1+r3.0.13-12ubuntu0.1 3.1~rc1+r3.0.13-12ubuntu0.2 libffi requests an executable stack allowing attackers to more easily ... libffi6:3.1~rc1+r3.0.13-12ubuntu0.1
Medium CVE-2016-5384 libfontconfig1 2.11.0-0ubuntu4.1 2.11.0-0ubuntu4.2 fontconfig: Possible double free due to insufficiently validated cache files libfontconfig1:2.11.0-0ubuntu4.1
Medium CVE-2016-10244 libfreetype6 2.5.2-1ubuntu2.5 2.5.2-1ubuntu2.6 freetype: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name libfreetype6:2.5.2-1ubuntu2.5
Medium CVE-2016-10328 libfreetype6 2.5.2-1ubuntu2.5 2.5.2-1ubuntu2.7 freetype: heap-based buffer overflow related to the cff_parser_run function libfreetype6:2.5.2-1ubuntu2.5
Medium CVE-2017-8105 libfreetype6 2.5.2-1ubuntu2.5 2.5.2-1ubuntu2.8 freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings libfreetype6:2.5.2-1ubuntu2.5
Medium CVE-2017-8287 libfreetype6 2.5.2-1ubuntu2.5 2.5.2-1ubuntu2.8 freetype: heap-based buffer overflow related to the t1_builder_close_contour function libfreetype6:2.5.2-1ubuntu2.5
Medium CVE-2017-7526 libgcrypt11 1.5.3-2ubuntu4.3 1.5.3-2ubuntu4.5 libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery libgcrypt11:1.5.3-2ubuntu4.3
Medium CVE-2016-10166 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.6 gd: Unsigned integer underflow _gdContributionsAlloc() libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-10167 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.6 gd: DoS vulnerability in gdImageCreateFromGd2Ctx() libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-10168 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.6 gd: Integer overflow in gd_io.c libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-5766 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.2 gd: Integer overflow in _gd2GetHeader() resulting in heap overflow libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-6128 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.2 gd: Invalid color index not properly handled libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-6207 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.3 php,gd: Integer overflow error within _gdContributionsAlloc() libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-6905 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.3 gd: Out-of-bounds read in function read_image_tga in gd_tga.c libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-6911 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.5 gd, php: Missing check for OOB read in dynamicGetbuf() libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-6912 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.6 gd, php: Double free in gdImageWebpPtr() libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-7568 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.5 gd, php: Integer overflow in gdImageWebpCtx libgd3:2.1.0-3ubuntu0.1
Medium CVE-2016-8670 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.5 gd, php: Stack based buffer overflow in dynamicGetbuf libgd3:2.1.0-3ubuntu0.1
Medium CVE-2017-6362 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.8 gd: Double free in the gdImagePngPtr function libgd3:2.1.0-3ubuntu0.1
Medium CVE-2017-7890 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.7 php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function libgd3:2.1.0-3ubuntu0.1
Medium CVE-2018-1000222 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.10 gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG libgd3:2.1.0-3ubuntu0.1
Medium CVE-2019-6977 libgd3 2.1.0-3ubuntu0.1 2.1.0-3ubuntu0.11 gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c libgd3:2.1.0-3ubuntu0.1
Medium CVE-2017-5335 libgnutls-openssl27 2.12.23-12ubuntu2.5 2.12.23-12ubuntu2.6 gnutls: Out of memory while parsing crafted OpenPGP certificate libgnutls-openssl27:2.12.23-12ubuntu2.5
Medium CVE-2017-5336 libgnutls-openssl27 2.12.23-12ubuntu2.5 2.12.23-12ubuntu2.6 gnutls: Stack overflow in cdk_pk_get_keyid libgnutls-openssl27:2.12.23-12ubuntu2.5
Medium CVE-2017-5337 libgnutls-openssl27 2.12.23-12ubuntu2.5 2.12.23-12ubuntu2.6 gnutls: Heap read overflow in read-packet.c libgnutls-openssl27:2.12.23-12ubuntu2.5
Medium CVE-2017-5335 libgnutls26 2.12.23-12ubuntu2.5 2.12.23-12ubuntu2.6 gnutls: Out of memory while parsing crafted OpenPGP certificate libgnutls26:2.12.23-12ubuntu2.5
Medium CVE-2017-5336 libgnutls26 2.12.23-12ubuntu2.5 2.12.23-12ubuntu2.6 gnutls: Stack overflow in cdk_pk_get_keyid libgnutls26:2.12.23-12ubuntu2.5
Medium CVE-2017-5337 libgnutls26 2.12.23-12ubuntu2.5 2.12.23-12ubuntu2.6 gnutls: Heap read overflow in read-packet.c libgnutls26:2.12.23-12ubuntu2.5
Medium CVE-2015-8629 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: xdr_nullstring() doesn't check for terminating null character libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8630 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8631 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Memory leak caused by supplying a null principal name in request libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3119 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: null pointer dereference in kadmin libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3120 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: S4U2Self KDC crash when anon is restricted libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11368 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11103 libgssapi3-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libgssapi3-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2017-11103 libhcrypto4-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libhcrypto4-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2017-11103 libheimbase1-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libheimbase1-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2017-11103 libheimntlm0-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libheimntlm0-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2017-11103 libhx509-5-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libhx509-5-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2016-6261 libidn11 1.28-1ubuntu2 1.28-1ubuntu2.1 libidn: Out of bounds stack read in idna_to_ascii_4i libidn11:1.28-1ubuntu2
Medium CVE-2016-6262 libidn11 1.28-1ubuntu2 1.28-1ubuntu2.1 libidn: Out-of-bounds read when reading zero byte as input libidn11:1.28-1ubuntu2
Medium CVE-2016-6263 libidn11 1.28-1ubuntu2 1.28-1ubuntu2.1 libidn: Crash when given invalid UTF-8 data on input libidn11:1.28-1ubuntu2
Medium CVE-2017-14062 libidn11 1.28-1ubuntu2 1.28-1ubuntu2.2 libidn2: Integer overflow in puny_decode.c/decode_digit libidn11:1.28-1ubuntu2
Medium CVE-2015-8629 libk5crypto3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: xdr_nullstring() doesn't check for terminating null character libk5crypto3:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8630 libk5crypto3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask libk5crypto3:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8631 libk5crypto3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Memory leak caused by supplying a null principal name in request libk5crypto3:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3119 libk5crypto3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: null pointer dereference in kadmin libk5crypto3:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3120 libk5crypto3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: S4U2Self KDC crash when anon is restricted libk5crypto3:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11368 libk5crypto3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure libk5crypto3:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11103 libkrb5-26-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libkrb5-26-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2015-8629 libkrb5-3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: xdr_nullstring() doesn't check for terminating null character libkrb5-3:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8630 libkrb5-3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask libkrb5-3:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8631 libkrb5-3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Memory leak caused by supplying a null principal name in request libkrb5-3:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3119 libkrb5-3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: null pointer dereference in kadmin libkrb5-3:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3120 libkrb5-3 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: S4U2Self KDC crash when anon is restricted libkrb5-3:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11368 libkrb5-3 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure libkrb5-3:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8629 libkrb5support0 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: xdr_nullstring() doesn't check for terminating null character libkrb5support0:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8630 libkrb5support0 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask libkrb5support0:1.12+dfsg-2ubuntu5.2
Medium CVE-2015-8631 libkrb5support0 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: Memory leak caused by supplying a null principal name in request libkrb5support0:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3119 libkrb5support0 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: null pointer dereference in kadmin libkrb5support0:1.12+dfsg-2ubuntu5.2
Medium CVE-2016-3120 libkrb5support0 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: S4U2Self KDC crash when anon is restricted libkrb5support0:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-11368 libkrb5support0 1.12+dfsg-2ubuntu5.21.12+dfsg-2ubuntu5.4krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure libkrb5support0:1.12+dfsg-2ubuntu5.2
Medium CVE-2017-9287 libldap-2.4-2 2.4.31-1+nmu2ubuntu8.22.4.31-1+nmu2ubuntu8.4openldap: Double free vulnerability in servers/slapd/back-mdb/search.c libldap-2.4-2:2.4.31-1+nmu2ubuntu8.2
Medium CVE-2016-3477 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-3492 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-3521 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-3615 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5440 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5584 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.53-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5612 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5624 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5626 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5629 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-6662 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-6663 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 CVE-2016-5616 CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-6664 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-7440 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.53-0ubuntu0.14.04.1 yaSSL: AES key leak via cache-bank timing side channel attack libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-8283 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10268 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10378 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10379 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Oct 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10384 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3238 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3243 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3244 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3258 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3265 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: unsafe chmod/chown use in init script (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3291 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3305 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6 libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3308 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3309 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3312 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3313 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3317 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Logging unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3318 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3329 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Thread Pooling unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3453 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3456 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3461 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3462 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3463 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3464 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3600 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mariadb, mysql: Incorrect input validation allowing code execution via mysqldump libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3635 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: C API unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3636 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3641 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3648 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3651 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3652 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3653 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2562 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2622 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2640 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2665 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2668 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2755 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2761 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2767 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2771 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2773 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2781 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2813 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2817 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2818 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2819 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: InnoDB unspecified vulnerability (CPU Apr 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3058 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: MyISAM unspecified vulnerability (CPU Jul 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3063 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3066 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Server: Options unspecified vulnerability (CPU Jul 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3070 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3081 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Jul 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3133 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.62-0ubuntu0.14.04.1 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3174 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.62-0ubuntu0.14.04.1 mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3282 libmysqlclient18 5.5.49-0ubuntu0.14.04.1 5.5.62-0ubuntu0.14.04.1 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) libmysqlclient18:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-1122 libprocps3 1:3.3.9-1ubuntu2.2 1:3.3.9-1ubuntu2.3 procps-ng, procps: Local privilege escalation in top libprocps3:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1123 libprocps3 1:3.3.9-1ubuntu2.2 1:3.3.9-1ubuntu2.3 procps-ng, procps: denial of service in ps via mmap buffer overflow libprocps3:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1124 libprocps3 1:3.3.9-1ubuntu2.2 1:3.3.9-1ubuntu2.3 procps-ng, procps: Integer overflows leading to heap overflow in file2strvec libprocps3:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1125 libprocps3 1:3.3.9-1ubuntu2.2 1:3.3.9-1ubuntu2.3 procps-ng, procps: stack buffer overflow in pgrep libprocps3:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1126 libprocps3 1:3.3.9-1ubuntu2.2 1:3.3.9-1ubuntu2.3 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues libprocps3:1:3.3.9-1ubuntu2.2
Medium CVE-2016-0772 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: smtplib StartTLS stripping attack libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-1000110 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 Python CGIHandler: sets environmental variable based on user supplied Proxy request header libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-5636 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: Heap overflow in zipimporter module libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-5699 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: http protocol steam injection attack libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2017-1000158 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.4 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2018-1000802 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Command injection in the shutil module libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2018-14647 libpython2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Missing salt initialization in _elementtree.c module libpython2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-0772 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: smtplib StartTLS stripping attack libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2016-1000110 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 Python CGIHandler: sets environmental variable based on user supplied Proxy request header libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2016-5636 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: Heap overflow in zipimporter module libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2016-5699 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: http protocol steam injection attack libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2017-1000158 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.4 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2018-1000802 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Command injection in the shutil module libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2018-14647 libpython2.7-stdlib 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Missing salt initialization in _elementtree.c module libpython2.7-stdlib:2.7.6-8ubuntu0.2
Medium CVE-2016-0772 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: smtplib StartTLS stripping attack libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-1000110 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 Python CGIHandler: sets environmental variable based on user supplied Proxy request header libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5636 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: Heap overflow in zipimporter module libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5699 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: http protocol steam injection attack libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2017-1000158 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.6 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-1000802 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Command injection in the shutil module libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-14647 libpython3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Missing salt initialization in _elementtree.c module libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-0772 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: smtplib StartTLS stripping attack libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-1000110 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 Python CGIHandler: sets environmental variable based on user supplied Proxy request header libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5636 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: Heap overflow in zipimporter module libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5699 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: http protocol steam injection attack libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2017-1000158 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.6 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-1000802 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Command injection in the shutil module libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-14647 libpython3.4-stdlib 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Missing salt initialization in _elementtree.c module libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3
Medium CVE-2017-11103 libroken18-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libroken18-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2016-6303 libssl1.0.0 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.20 openssl: Integer overflow in MDC2_Update() libssl1.0.0:1.0.1f-1ubuntu2.19
Medium CVE-2016-6306 libssl1.0.0 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.20 openssl: certificate message OOB reads libssl1.0.0:1.0.1f-1ubuntu2.19
Medium CVE-2016-7056 libssl1.0.0 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.22 openssl: ECDSA P-256 timing attack key recovery libssl1.0.0:1.0.1f-1ubuntu2.19
Medium CVE-2017-3731 libssl1.0.0 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.22 openssl: Truncated packet could crash via OOB read libssl1.0.0:1.0.1f-1ubuntu2.19
Medium CVE-2018-0739 libssl1.0.0 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.24 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service libssl1.0.0:1.0.1f-1ubuntu2.19
Medium CVE-2017-6891 libtasn1-6 3.4-3ubuntu0.4 3.4-3ubuntu0.5 libtasn1: Stack-based buffer overflow in asn1_find_node() libtasn1-6:3.4-3ubuntu0.4
Medium CVE-2015-7554 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-10092 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Heap-based buffer overflow in _TIFFFax3fillruns libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-10093 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Integer overflow in DECLAREreadFunc libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-10094 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Off-by-one error in t2p_readwrite_pdf_image_tile() causing heap buffer overflow libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-10271 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Heap-based buffer overflow in tif_fax3.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-3186 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.9 libtiff: buffer overflow in gif2tiff libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-3624 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: out of bounds write in the rgb2ycybr tool libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-3632 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: out-of-bounds write in _TIFFVGetField function libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-3945 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: out-of-bounds write in the tiff2rgba tool libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-3990 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: out-of-bounds write in horizontalDifference8() libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-5314 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Out-of-bounds write in PixarLogDecode() function libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-5315 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Out-of-bounds read in setByteArray() function in tif_dir.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-5316 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-5317 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Out-of-bounds write in PixarLogDecode() function in libtiff.so libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-5321 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: tiffcrop readSeparateTilesIntoBuffer() memory corruption libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-5322 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Out-of-bounds read in extractContigSamplesBytes() function libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-8331 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: FAX IFD Entry Parsing Type Confusion libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-9453 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Out-of-bounds access in t2p_readwrite_pdf_image_tile() libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-9533 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: PixarLog horizontalDifference heap-buffer-overflow libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-9534 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: TIFFFlushData1 heap-buffer-overflow libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2016-9535 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Predictor heap-buffer-overflow libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-5225 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.6 libtiff: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7592 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Left shift of unsigned char without a cast libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7593 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: tif_rawdata not properly initialized in tif_read.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7594 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7595 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7596 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Float out of range issue in tif_dir.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7597 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Float out of range issue in tif_dirread.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7598 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Divide-by-zero in tif_dirread.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7599 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Unsigned short out of range in tif_dirwrite.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7600 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Unsigned char out of range in tif_dirwrite.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7601 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Signed integer overflow in tif_jpeg.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-7602 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: Signed integer overflow in tif_read.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-9935 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.9 libtiff: Heap-based buffer overflow in t2p_write_pdf function libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2017-9936 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.8 libtiff: memory leak in tif_jbig.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2018-16335 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.9 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2018-17100 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.10 libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2018-17101 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.10 libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2018-17795 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.9 libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf() libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2018-18557 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.10 libtiff: Out-of-bounds write in tif_jbig.c libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2019-7663 libtiff5 4.0.3-7ubuntu0.4 4.0.3-7ubuntu0.11 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference libtiff5:4.0.3-7ubuntu0.4
Medium CVE-2018-1049 libudev1 204-5ubuntu20.19 204-5ubuntu20.26 systemd: automount: access to automounted volumes can lock up libudev1:204-5ubuntu20.19
Medium CVE-2019-3842 libudev1 204-5ubuntu20.19 204-5ubuntu20.31 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" libudev1:204-5ubuntu20.19
Medium CVE-2017-11103 libwind0-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 1.6~git20131207+dfsg-1ubuntu1.2 krb5: Metadata taken from the unauthenticated plaintext libwind0-heimdal:1.6~git20131207+dfsg-1ubuntu1.1
Medium CVE-2018-14598 libx11-6 2:1.6.2-1ubuntu22:1.6.2-1ubuntu2.1libX11: Crash on invalid reply in XListExtensions in ListExt.c libx11-6:2:1.6.2-1ubuntu2
Medium CVE-2018-14599 libx11-6 2:1.6.2-1ubuntu22:1.6.2-1ubuntu2.1libX11: Off-by-one error in XListExtensions in ListExt.c libx11-6:2:1.6.2-1ubuntu2
Medium CVE-2018-14600 libx11-6 2:1.6.2-1ubuntu22:1.6.2-1ubuntu2.1libX11: Out of Bounds write in XListExtensions in ListExt.c libx11-6:2:1.6.2-1ubuntu2
Medium CVE-2018-14598 libx11-data 2:1.6.2-1ubuntu22:1.6.2-1ubuntu2.1libX11: Crash on invalid reply in XListExtensions in ListExt.c libx11-data:2:1.6.2-1ubuntu2
Medium CVE-2018-14599 libx11-data 2:1.6.2-1ubuntu22:1.6.2-1ubuntu2.1libX11: Off-by-one error in XListExtensions in ListExt.c libx11-data:2:1.6.2-1ubuntu2
Medium CVE-2018-14600 libx11-data 2:1.6.2-1ubuntu22:1.6.2-1ubuntu2.1libX11: Out of Bounds write in XListExtensions in ListExt.c libx11-data:2:1.6.2-1ubuntu2
Medium CVE-2016-4658 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.9 libxml2: Use after free via namespace node in XPointer ranges libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2016-5131 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.9 libxml2: Use after free triggered by XPointer paths beginning with range-to libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-0663 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Heap buffer overflow in xmlAddID libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-15412 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.12 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-7375 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Missing validation for external entities in xmlParsePEReference libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-7376 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Incorrect limit used for port values libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-9047 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Buffer overflow in function xmlSnprintfElementContent libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-9048 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-9049 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2017-9050 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.10 libxml2: Heap-based buffer over-read in function xmlDictAddString libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2018-14404 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.13 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2018-14567 libxml2 2.9.1+dfsg1-3ubuntu4.8 2.9.1+dfsg1-3ubuntu4.13 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2:2.9.1+dfsg1-3ubuntu4.8
Medium CVE-2016-10164 libxpm4 1:3.5.10-1 1:3.5.10-1ubuntu0.1 libXpm: Out-of-bounds write in XPM extension parsing libxpm4:1:3.5.10-1
Medium CVE-2016-6252 login 1:4.1.5.1-1ubuntu9.2 1:4.1.5.1-1ubuntu9.4 shadow-utils: Incorrect integer handling results in LPE login:1:4.1.5.1-1ubuntu9.2
Medium CVE-2017-2616 login 1:4.1.5.1-1ubuntu9.2 1:4.1.5.1-1ubuntu9.4 util-linux: Sending SIGKILL to other processes with root privileges via su login:1:4.1.5.1-1ubuntu9.2
Medium CVE-2015-8982 multiarch-support 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: multiple overflows in strxfrm() multiarch-support:2.19-0ubuntu6.9
Medium CVE-2015-8983 multiarch-support 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: _IO_wstr_overflow integer overflow multiarch-support:2.19-0ubuntu6.9
Medium CVE-2015-8984 multiarch-support 2.19-0ubuntu6.9 2.19-0ubuntu6.10 glibc: potential denial of service in internal_fnmatch() multiarch-support:2.19-0ubuntu6.9
Medium CVE-2017-1000366 multiarch-support 2.19-0ubuntu6.9 2.19-0ubuntu6.13 glibc: heap/stack gap jumping via unbounded stack allocations multiarch-support:2.19-0ubuntu6.9
Medium CVE-2016-3477 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-3492 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-3521 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-3615 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5440 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.50-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5584 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.53-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5612 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5624 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5626 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-5629 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-6662 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-6663 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 CVE-2016-5616 CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-6664 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-7440 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.53-0ubuntu0.14.04.1 yaSSL: AES key leak via cache-bank timing side channel attack mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2016-8283 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.52-0ubuntu0.14.04.1 mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10268 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10378 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10379 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Oct 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-10384 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.58-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3238 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3243 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3244 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3258 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3265 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: unsafe chmod/chown use in init script (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3291 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3305 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6 mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3308 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3309 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3312 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3313 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3317 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Logging unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3318 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.54-0ubuntu0.14.04.1 mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3329 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Thread Pooling unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3453 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3456 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3461 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3462 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3463 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3464 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3600 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.55-0ubuntu0.14.04.1 mariadb, mysql: Incorrect input validation allowing code execution via mysqldump mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3635 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: C API unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3636 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3641 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: DML unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3648 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3651 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3652 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2017-3653 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.57-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2562 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2622 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2640 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2665 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2668 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.59-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2755 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2761 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2767 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2771 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2773 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2781 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2813 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2817 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2818 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-2819 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.60-0ubuntu0.14.04.1 mysql: InnoDB unspecified vulnerability (CPU Apr 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3058 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: MyISAM unspecified vulnerability (CPU Jul 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3063 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3066 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Server: Options unspecified vulnerability (CPU Jul 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3070 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3081 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.61-0ubuntu0.14.04.1 mysql: Client programs unspecified vulnerability (CPU Jul 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3133 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.62-0ubuntu0.14.04.1 mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3174 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.62-0ubuntu0.14.04.1 mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2018-3282 mysql-common 5.5.49-0ubuntu0.14.04.1 5.5.62-0ubuntu0.14.04.1 mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) mysql-common:5.5.49-0ubuntu0.14.04.1
Medium CVE-2015-7977 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: restriction list NULL pointer dereference ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2015-7978 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: stack exhaustion in recursive traversal of restriction list ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2015-8138 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: missing check for zero originate timestamp ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2016-1547 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: crypto-NAK preemptable association denial of service ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2016-1548 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: ntpd switching to interleaved mode with spoofed packets ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2016-1550 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: libntp message digest disclosure ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2016-2516 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 ntp: assertion failure in ntpd on duplicate IPs on unconfig directives ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2018-7183 ntpdate 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 ntp: decodearr() can write beyond its buffer limit ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8
Medium CVE-2016-6303 openssl 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.20 openssl: Integer overflow in MDC2_Update() openssl:1.0.1f-1ubuntu2.19
Medium CVE-2016-6306 openssl 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.20 openssl: certificate message OOB reads openssl:1.0.1f-1ubuntu2.19
Medium CVE-2016-7056 openssl 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.22 openssl: ECDSA P-256 timing attack key recovery openssl:1.0.1f-1ubuntu2.19
Medium CVE-2017-3731 openssl 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.22 openssl: Truncated packet could crash via OOB read openssl:1.0.1f-1ubuntu2.19
Medium CVE-2018-0739 openssl 1.0.1f-1ubuntu2.19 1.0.1f-1ubuntu2.24 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service openssl:1.0.1f-1ubuntu2.19
Medium CVE-2016-6252 passwd 1:4.1.5.1-1ubuntu9.2 1:4.1.5.1-1ubuntu9.4 shadow-utils: Incorrect integer handling results in LPE passwd:1:4.1.5.1-1ubuntu9.2
Medium CVE-2017-2616 passwd 1:4.1.5.1-1ubuntu9.2 1:4.1.5.1-1ubuntu9.4 util-linux: Sending SIGKILL to other processes with root privileges via su passwd:1:4.1.5.1-1ubuntu9.2
Medium CVE-2017-12837 perl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.3 perl: Heap buffer overflow in regular expression compiler perl:5.18.2-2ubuntu1.1
Medium CVE-2017-12883 perl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.3 perl: Buffer over-read in regular expression parser perl:5.18.2-2ubuntu1.1
Medium CVE-2018-12015 perl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.6 perl: Directory traversal in Archive::Tar perl:5.18.2-2ubuntu1.1
Medium CVE-2018-18311 perl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.7 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl:5.18.2-2ubuntu1.1
Medium CVE-2018-18313 perl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.7 perl: Heap-based buffer read overflow in S_grok_bslash_N() perl:5.18.2-2ubuntu1.1
Medium CVE-2018-6913 perl 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.4 perl: heap buffer overflow in pp_pack.c perl:5.18.2-2ubuntu1.1
Medium CVE-2017-12837 perl-base 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.3 perl: Heap buffer overflow in regular expression compiler perl-base:5.18.2-2ubuntu1.1
Medium CVE-2017-12883 perl-base 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.3 perl: Buffer over-read in regular expression parser perl-base:5.18.2-2ubuntu1.1
Medium CVE-2018-12015 perl-base 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.6 perl: Directory traversal in Archive::Tar perl-base:5.18.2-2ubuntu1.1
Medium CVE-2018-18311 perl-base 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.7 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl-base:5.18.2-2ubuntu1.1
Medium CVE-2018-18313 perl-base 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.7 perl: Heap-based buffer read overflow in S_grok_bslash_N() perl-base:5.18.2-2ubuntu1.1
Medium CVE-2018-6913 perl-base 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.4 perl: heap buffer overflow in pp_pack.c perl-base:5.18.2-2ubuntu1.1
Medium CVE-2017-12837 perl-modules 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.3 perl: Heap buffer overflow in regular expression compiler perl-modules:5.18.2-2ubuntu1.1
Medium CVE-2017-12883 perl-modules 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.3 perl: Buffer over-read in regular expression parser perl-modules:5.18.2-2ubuntu1.1
Medium CVE-2018-12015 perl-modules 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.6 perl: Directory traversal in Archive::Tar perl-modules:5.18.2-2ubuntu1.1
Medium CVE-2018-18311 perl-modules 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.7 perl: Integer overflow leading to buffer overflow in Perl_my_setenv() perl-modules:5.18.2-2ubuntu1.1
Medium CVE-2018-18313 perl-modules 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.7 perl: Heap-based buffer read overflow in S_grok_bslash_N() perl-modules:5.18.2-2ubuntu1.1
Medium CVE-2018-6913 perl-modules 5.18.2-2ubuntu1.1 5.18.2-2ubuntu1.4 perl: heap buffer overflow in pp_pack.c perl-modules:5.18.2-2ubuntu1.1
Medium CVE-2015-8876 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Zend/zend_exceptions.c does not validate certain Exception objects php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: HTTP response splitting in header() function php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect handling of URI components in URL parser php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 PHP: sets environmental variable based on user supplied Proxy request header php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Improper error handling in bzread() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double free in _php_mb_regex_ereg_replace_exec php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double Free Corruption in wddx_deserialize php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Buffer over-read in php_url_parse_ex php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer overflow leads to buffer overflow in virtual_file_ex php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in unserialize() with Unexpected Session Deserialization php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Null pointer dereference in exif_process_user_comment php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in locale_accept_from_http php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in SNMP with GC and unserialize() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: imagegammacorrect allows arbitrary write access php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize allows illegal memory access php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference with invalid xml php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference in php_wddx_pop_element php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Memory corruption when destructing deserialized object php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Use after free in wddx_deserialize php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Missing type check when unserializing SplArray php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Unserialize Exception object can lead to infinite loop php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Invalid read when wddx decodes empty boolean element php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect return value check of OpenSSL sealing function leads to crash php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Out-of-bounds read in phar_parse_pharfile php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds heap write in bitset_set_range() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Invalid pointer dereference in left_adjust_char_head() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Dumpable FPM child processes allow bypassing opcache access controls php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.23 php: Reflected XSS on PHAR 404 page php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.24 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Invalid memory access in function xmlrpc_decode() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in PHAR reading functions php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: memcpy with negative length via crafted DNS response php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in mbstring regular expression functions php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Invalid read in exif_process_SOFn() php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_TIFF php5:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8876 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Zend/zend_exceptions.c does not validate certain Exception objects php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: HTTP response splitting in header() function php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect handling of URI components in URL parser php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 PHP: sets environmental variable based on user supplied Proxy request header php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Improper error handling in bzread() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double free in _php_mb_regex_ereg_replace_exec php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double Free Corruption in wddx_deserialize php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Buffer over-read in php_url_parse_ex php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer overflow leads to buffer overflow in virtual_file_ex php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in unserialize() with Unexpected Session Deserialization php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Null pointer dereference in exif_process_user_comment php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in locale_accept_from_http php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in SNMP with GC and unserialize() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: imagegammacorrect allows arbitrary write access php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize allows illegal memory access php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference with invalid xml php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference in php_wddx_pop_element php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Memory corruption when destructing deserialized object php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Use after free in wddx_deserialize php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Missing type check when unserializing SplArray php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Unserialize Exception object can lead to infinite loop php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Invalid read when wddx decodes empty boolean element php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect return value check of OpenSSL sealing function leads to crash php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Out-of-bounds read in phar_parse_pharfile php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds heap write in bitset_set_range() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Invalid pointer dereference in left_adjust_char_head() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Dumpable FPM child processes allow bypassing opcache access controls php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.23 php: Reflected XSS on PHAR 404 page php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.24 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Invalid memory access in function xmlrpc_decode() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in PHAR reading functions php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: memcpy with negative length via crafted DNS response php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in mbstring regular expression functions php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Invalid read in exif_process_SOFn() php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5-cli 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_TIFF php5-cli:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8876 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Zend/zend_exceptions.c does not validate certain Exception objects php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: HTTP response splitting in header() function php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect handling of URI components in URL parser php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 PHP: sets environmental variable based on user supplied Proxy request header php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Improper error handling in bzread() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double free in _php_mb_regex_ereg_replace_exec php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double Free Corruption in wddx_deserialize php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Buffer over-read in php_url_parse_ex php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer overflow leads to buffer overflow in virtual_file_ex php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in unserialize() with Unexpected Session Deserialization php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Null pointer dereference in exif_process_user_comment php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in locale_accept_from_http php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in SNMP with GC and unserialize() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: imagegammacorrect allows arbitrary write access php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize allows illegal memory access php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference with invalid xml php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference in php_wddx_pop_element php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Memory corruption when destructing deserialized object php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Use after free in wddx_deserialize php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Missing type check when unserializing SplArray php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Unserialize Exception object can lead to infinite loop php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Invalid read when wddx decodes empty boolean element php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect return value check of OpenSSL sealing function leads to crash php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Out-of-bounds read in phar_parse_pharfile php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds heap write in bitset_set_range() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Invalid pointer dereference in left_adjust_char_head() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Dumpable FPM child processes allow bypassing opcache access controls php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.23 php: Reflected XSS on PHAR 404 page php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.24 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Invalid memory access in function xmlrpc_decode() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in PHAR reading functions php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: memcpy with negative length via crafted DNS response php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in mbstring regular expression functions php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Invalid read in exif_process_SOFn() php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5-common 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_TIFF php5-common:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8876 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Zend/zend_exceptions.c does not validate certain Exception objects php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: HTTP response splitting in header() function php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect handling of URI components in URL parser php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 PHP: sets environmental variable based on user supplied Proxy request header php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Improper error handling in bzread() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double free in _php_mb_regex_ereg_replace_exec php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double Free Corruption in wddx_deserialize php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Buffer over-read in php_url_parse_ex php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer overflow leads to buffer overflow in virtual_file_ex php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in unserialize() with Unexpected Session Deserialization php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Null pointer dereference in exif_process_user_comment php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in locale_accept_from_http php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in SNMP with GC and unserialize() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: imagegammacorrect allows arbitrary write access php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize allows illegal memory access php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference with invalid xml php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference in php_wddx_pop_element php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Memory corruption when destructing deserialized object php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Use after free in wddx_deserialize php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: Missing type check when unserializing SplArray php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Unserialize Exception object can lead to infinite loop php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Invalid read when wddx decodes empty boolean element php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect return value check of OpenSSL sealing function leads to crash php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Out-of-bounds read in phar_parse_pharfile php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Out-of-bounds heap write in bitset_set_range() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 oniguruma: Invalid pointer dereference in left_adjust_char_head() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Dumpable FPM child processes allow bypassing opcache access controls php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.25 php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.26 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.23 php: Reflected XSS on PHAR 404 page php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.24 php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Invalid memory access in function xmlrpc_decode() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in PHAR reading functions php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: memcpy with negative length via crafted DNS response php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Heap-based buffer over-read in mbstring regular expression functions php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.27 php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Invalid read in exif_process_SOFn() php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5-gd 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.29 php: Uninitialized read in exif_process_IFD_in_TIFF php5-gd:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-19518 php5-imap 5.4.6-0ubuntu5 5.4.6-0ubuntu5.1 php: imap_open() allows running arbitrary shell commands via mailbox parameter php5-imap:5.4.6-0ubuntu5
Medium CVE-2018-19935 php5-imap 5.4.6-0ubuntu5 5.4.6-0ubuntu5.1 php: NULL pointer dereference in ext/imap/php_imap.c resulting in a denial of service php5-imap:5.4.6-0ubuntu5
Medium CVE-2015-8876 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Zend/zend_exceptions.c does not validate certain Exception objects php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: HTTP response splitting in header() function php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Incorrect handling of URI components in URL parser php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 PHP: sets environmental variable based on user supplied Proxy request header php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Improper error handling in bzread() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double free in _php_mb_regex_ereg_replace_exec php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Double Free Corruption in wddx_deserialize php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Buffer over-read in php_url_parse_ex php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Integer overflow leads to buffer overflow in virtual_file_ex php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in unserialize() with Unexpected Session Deserialization php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Null pointer dereference in exif_process_user_comment php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Out-of-bounds access in locale_accept_from_http php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use after free in SNMP with GC and unserialize() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: imagegammacorrect allows arbitrary write access php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize allows illegal memory access php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference with invalid xml php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5-ldap 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.20 php: wddx_deserialize null dereference in php_wddx_pop_element php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Memory corruption when destructing deserialized object php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Use after free in wddx_deserialize php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Missing type check when unserializing SplArray php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Unserialize Exception object can lead to infinite loop php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Invalid read when wddx decodes empty boolean element php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect return value check of OpenSSL sealing function leads to crash php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Out-of-bounds read in phar_parse_pharfile php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds heap write in bitset_set_range() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Invalid pointer dereference in left_adjust_char_head() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Dumpable FPM child processes allow bypassing opcache access controls php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.26php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.26php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.23php: Reflected XSS on PHAR 404 page php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.24php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Invalid memory access in function xmlrpc_decode() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Heap-based buffer over-read in PHAR reading functions php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: memcpy with negative length via crafted DNS response php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Heap-based buffer over-read in mbstring regular expression functions php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Invalid read in exif_process_SOFn() php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5-ldap 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_TIFF php5-ldap:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8876 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Zend/zend_exceptions.c does not validate certain Exception objects php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: HTTP response splitting in header() function php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect handling of URI components in URL parser php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19PHP: sets environmental variable based on user supplied Proxy request header php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Improper error handling in bzread() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Double free in _php_mb_regex_ereg_replace_exec php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Double Free Corruption in wddx_deserialize php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Buffer over-read in php_url_parse_ex php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Integer overflow leads to buffer overflow in virtual_file_ex php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Use after free in unserialize() with Unexpected Session Deserialization php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Null pointer dereference in exif_process_user_comment php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Out-of-bounds access in locale_accept_from_http php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Use after free in SNMP with GC and unserialize() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: imagegammacorrect allows arbitrary write access php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize allows illegal memory access php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize null dereference php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize null dereference with invalid xml php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize null dereference in php_wddx_pop_element php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Memory corruption when destructing deserialized object php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Use after free in wddx_deserialize php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Missing type check when unserializing SplArray php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Unserialize Exception object can lead to infinite loop php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Invalid read when wddx decodes empty boolean element php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect return value check of OpenSSL sealing function leads to crash php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Out-of-bounds read in phar_parse_pharfile php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds heap write in bitset_set_range() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Invalid pointer dereference in left_adjust_char_head() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Dumpable FPM child processes allow bypassing opcache access controls php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.26php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.26php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.23php: Reflected XSS on PHAR 404 page php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.24php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Invalid memory access in function xmlrpc_decode() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Heap-based buffer over-read in PHAR reading functions php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: memcpy with negative length via crafted DNS response php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Heap-based buffer over-read in mbstring regular expression functions php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Invalid read in exif_process_SOFn() php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5-mysql 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_TIFF php5-mysql:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8876 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Zend/zend_exceptions.c does not validate certain Exception objects php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2015-8935 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: HTTP response splitting in header() function php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10160 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-10397 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect handling of URI components in URL parser php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5385 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19PHP: sets environmental variable based on user supplied Proxy request header php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5399 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Improper error handling in bzread() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5768 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Double free in _php_mb_regex_ereg_replace_exec php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5769 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-5772 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Double Free Corruption in wddx_deserialize php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6288 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Buffer over-read in php_url_parse_ex php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6289 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Integer overflow leads to buffer overflow in virtual_file_ex php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6290 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Use after free in unserialize() with Unexpected Session Deserialization php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6291 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6292 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Null pointer dereference in exif_process_user_comment php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6294 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Out-of-bounds access in locale_accept_from_http php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6295 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Use after free in SNMP with GC and unserialize() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6296 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-6297 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.19php: Stack-based buffer overflow vulnerability in php_stream_zip_opener php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7127 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: imagegammacorrect allows arbitrary write access php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7129 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize allows illegal memory access php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7130 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize null dereference php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7131 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize null dereference with invalid xml php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7132 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: wddx_deserialize null dereference in php_wddx_pop_element php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7411 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Memory corruption when destructing deserialized object php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7412 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7413 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Use after free in wddx_deserialize php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7414 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7417 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.20php: Missing type check when unserializing SplArray php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7478 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Unserialize Exception object can lead to infinite loop php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-7479 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9934 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2016-9935 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.21php: Invalid read when wddx decodes empty boolean element php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11143 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect WDDX deserialization of boolean parameters leads to DoS php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11144 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Incorrect return value check of OpenSSL sealing function leads to crash php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11145 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: wddx_deserialize() heap out-of-bound read via php_parse_date() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11147 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Out-of-bounds read in phar_parse_pharfile php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-11628 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9224 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds stack read in match_at() during regular expression searching php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9226 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9227 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9228 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Out-of-bounds heap write in bitset_set_range() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2017-9229 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.22oniguruma: Invalid pointer dereference in left_adjust_char_head() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10545 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Dumpable FPM child processes allow bypassing opcache access controls php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10546 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10547 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: Reflected XSS vulnerability on PHAR 403 and 404 error pages php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-10548 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.25php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-14883 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.26php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-17082 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.26php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-5712 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.23php: Reflected XSS on PHAR 404 page php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-7584 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.24php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9020 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Invalid memory access in function xmlrpc_decode() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9021 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Heap-based buffer over-read in PHAR reading functions php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9022 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: memcpy with negative length via crafted DNS response php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9023 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Heap-based buffer over-read in mbstring regular expression functions php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9024 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.27php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9638 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9639 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_MAKERNOTE php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9640 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Invalid read in exif_process_SOFn() php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2019-9641 php5-readline 5.5.9+dfsg-1ubuntu4.175.5.9+dfsg-1ubuntu4.29php: Uninitialized read in exif_process_IFD_in_TIFF php5-readline:5.5.9+dfsg-1ubuntu4.17
Medium CVE-2018-1122 procps 1:3.3.9-1ubuntu2.21:3.3.9-1ubuntu2.3procps-ng, procps: Local privilege escalation in top procps:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1123 procps 1:3.3.9-1ubuntu2.21:3.3.9-1ubuntu2.3procps-ng, procps: denial of service in ps via mmap buffer overflow procps:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1124 procps 1:3.3.9-1ubuntu2.21:3.3.9-1ubuntu2.3procps-ng, procps: Integer overflows leading to heap overflow in file2strvec procps:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1125 procps 1:3.3.9-1ubuntu2.21:3.3.9-1ubuntu2.3procps-ng, procps: stack buffer overflow in pgrep procps:1:3.3.9-1ubuntu2.2
Medium CVE-2018-1126 procps 1:3.3.9-1ubuntu2.21:3.3.9-1ubuntu2.3procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues procps:1:3.3.9-1ubuntu2.2
Medium CVE-2016-0772 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: smtplib StartTLS stripping attack python2.7:2.7.6-8ubuntu0.2
Medium CVE-2016-1000110 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 Python CGIHandler: sets environmental variable based on user supplied Proxy request header python2.7:2.7.6-8ubuntu0.2
Medium CVE-2016-5636 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: Heap overflow in zipimporter module python2.7:2.7.6-8ubuntu0.2
Medium CVE-2016-5699 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: http protocol steam injection attack python2.7:2.7.6-8ubuntu0.2
Medium CVE-2017-1000158 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.4 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow python2.7:2.7.6-8ubuntu0.2
Medium CVE-2018-1000802 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Command injection in the shutil module python2.7:2.7.6-8ubuntu0.2
Medium CVE-2018-14647 python2.7 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Missing salt initialization in _elementtree.c module python2.7:2.7.6-8ubuntu0.2
Medium CVE-2016-0772 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: smtplib StartTLS stripping attack python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-1000110 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 Python CGIHandler: sets environmental variable based on user supplied Proxy request header python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-5636 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: Heap overflow in zipimporter module python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-5699 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.3 python: http protocol steam injection attack python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2017-1000158 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.4 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2018-1000802 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Command injection in the shutil module python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2018-14647 python2.7-minimal 2.7.6-8ubuntu0.2 2.7.6-8ubuntu0.5 python: Missing salt initialization in _elementtree.c module python2.7-minimal:2.7.6-8ubuntu0.2
Medium CVE-2016-0772 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: smtplib StartTLS stripping attack python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-1000110 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 Python CGIHandler: sets environmental variable based on user supplied Proxy request header python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5636 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: Heap overflow in zipimporter module python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5699 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: http protocol steam injection attack python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2017-1000158 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.6 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-1000802 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Command injection in the shutil module python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-14647 python3.4 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Missing salt initialization in _elementtree.c module python3.4:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-0772 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: smtplib StartTLS stripping attack python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-1000110 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 Python CGIHandler: sets environmental variable based on user supplied Proxy request header python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5636 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: Heap overflow in zipimporter module python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2016-5699 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.5 python: http protocol steam injection attack python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2017-1000158 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.6 python: Integer overflow in PyString_DecodeEscape results in heap-base buffer overflow python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-1000802 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Command injection in the shutil module python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2018-14647 python3.4-minimal 3.4.3-1ubuntu1~14.04.3 3.4.3-1ubuntu1~14.04.7 python: Missing salt initialization in _elementtree.c module python3.4-minimal:3.4.3-1ubuntu1~14.04.3
Medium CVE-2017-17512 sensible-utils 0.0.9 0.0.9ubuntu0.14.04.1 sensible-browser in sensible-utils before 0.0.11 does not validate str ... sensible-utils:0.0.9
Medium CVE-2017-11610 supervisor 3.0b2-1 3.0b2-1ubuntu0.1 supervisor: Command injection via malicious XML-RPC request supervisor:3.0b2-1
Medium CVE-2016-6321 tar 1.27.1-1 1.27.1-1ubuntu0.1 tar: Bypassing the extract path name tar:1.27.1-1
Medium CVE-2018-1049 udev 204-5ubuntu20.19 204-5ubuntu20.26 systemd: automount: access to automounted volumes can lock up udev:204-5ubuntu20.19
Medium CVE-2019-3842 udev 204-5ubuntu20.19 204-5ubuntu20.31 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" udev:204-5ubuntu20.19
Medium CVE-2016-1248 vim-common 2:7.4.052-1ubuntu3 2:7.4.052-1ubuntu3.1 vim: Lack of validation of values for few options results in code exection vim-common:2:7.4.052-1ubuntu3
Medium CVE-2016-1248 vim-tiny 2:7.4.052-1ubuntu3 2:7.4.052-1ubuntu3.1 vim: Lack of validation of values for few options results in code exection vim-tiny:2:7.4.052-1ubuntu3
Medium CVE-2017-13089 wget 1.15-1ubuntu1.14.04.2 1.15-1ubuntu1.14.04.3 wget: Stack-based buffer overflow in HTTP protocol handling wget:1.15-1ubuntu1.14.04.2
Medium CVE-2017-13090 wget 1.15-1ubuntu1.14.04.2 1.15-1ubuntu1.14.04.3 wget: Heap-based buffer overflow in HTTP protocol handling wget:1.15-1ubuntu1.14.04.2
Medium CVE-2018-0494 wget 1.15-1ubuntu1.14.04.2 1.15-1ubuntu1.14.04.4 wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar wget:1.15-1ubuntu1.14.04.2
Medium CVE-2019-5953 wget 1.15-1ubuntu1.14.04.2 1.15-1ubuntu1.14.04.5 wget: do_conversion() heap-based buffer overflow vulnerability wget:1.15-1ubuntu1.14.04.2
Low CVE-2016-2161 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: DoS vulnerability in mod_auth_digest apache2:2.4.7-1ubuntu4.9
Low CVE-2016-4975 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir apache2:2.4.7-1ubuntu4.9
Low CVE-2017-15710 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values apache2:2.4.7-1ubuntu4.9
Low CVE-2017-15715 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: <FilesMatch> bypass with a trailing newline in the file name apache2:2.4.7-1ubuntu4.9
Low CVE-2017-7679 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: mod_mime buffer overread apache2:2.4.7-1ubuntu4.9
Low CVE-2018-1283 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications apache2:2.4.7-1ubuntu4.9
Low CVE-2018-1301 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds access after failure in reading the HTTP request apache2:2.4.7-1ubuntu4.9
Low CVE-2018-1303 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS apache2:2.4.7-1ubuntu4.9
Low CVE-2018-1312 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Weak Digest auth nonce generation in mod_auth_digest apache2:2.4.7-1ubuntu4.9
Low CVE-2018-17199 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: mod_session_cookie does not respect expiry time apache2:2.4.7-1ubuntu4.9
Low CVE-2019-0220 apache2 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: URL normalization inconsistency apache2:2.4.7-1ubuntu4.9
Low CVE-2016-2161 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: DoS vulnerability in mod_auth_digest apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2016-4975 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2017-15710 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2017-15715 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: <FilesMatch> bypass with a trailing newline in the file name apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2017-7679 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: mod_mime buffer overread apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2018-1283 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2018-1301 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds access after failure in reading the HTTP request apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2018-1303 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2018-1312 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Weak Digest auth nonce generation in mod_auth_digest apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2018-17199 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: mod_session_cookie does not respect expiry time apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2019-0220 apache2-bin 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: URL normalization inconsistency apache2-bin:2.4.7-1ubuntu4.9
Low CVE-2016-2161 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: DoS vulnerability in mod_auth_digest apache2-data:2.4.7-1ubuntu4.9
Low CVE-2016-4975 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.14 httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir apache2-data:2.4.7-1ubuntu4.9
Low CVE-2017-15710 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values apache2-data:2.4.7-1ubuntu4.9
Low CVE-2017-15715 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: <FilesMatch> bypass with a trailing newline in the file name apache2-data:2.4.7-1ubuntu4.9
Low CVE-2017-7679 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.16 httpd: mod_mime buffer overread apache2-data:2.4.7-1ubuntu4.9
Low CVE-2018-1283 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications apache2-data:2.4.7-1ubuntu4.9
Low CVE-2018-1301 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds access after failure in reading the HTTP request apache2-data:2.4.7-1ubuntu4.9
Low CVE-2018-1303 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS apache2-data:2.4.7-1ubuntu4.9
Low CVE-2018-1312 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.20 httpd: Weak Digest auth nonce generation in mod_auth_digest apache2-data:2.4.7-1ubuntu4.9
Low CVE-2018-17199 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: mod_session_cookie does not respect expiry time apache2-data:2.4.7-1ubuntu4.9
Low CVE-2019-0220 apache2-data 2.4.7-1ubuntu4.9 2.4.7-1ubuntu4.22 httpd: URL normalization inconsistency apache2-data:2.4.7-1ubuntu4.9
Low CVE-2016-0634 bash 4.3-7ubuntu1.5 4.3-7ubuntu1.7 bash: Arbitrary code execution via malicious hostname bash:4.3-7ubuntu1.5
Low CVE-2016-9401 bash 4.3-7ubuntu1.5 4.3-7ubuntu1.7 bash: popd controlled free bash:4.3-7ubuntu1.5
Low CVE-2011-5325 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: Path traversal via crafted tar file containing symlink busybox-initramfs:1:1.21.0-1ubuntu1
Low CVE-2014-9645 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: unprivileged arbitrary module load via basename abuse busybox-initramfs:1:1.21.0-1ubuntu1
Low CVE-2016-2147 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: out of bounds write (heap) due to integer underflow in udhcpc busybox-initramfs:1:1.21.0-1ubuntu1
Low CVE-2016-2148 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: heap-based buffer overflow in OPTION_6RD parsing busybox-initramfs:1:1.21.0-1ubuntu1
Low CVE-2017-15873 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: Integer overflow in the get_next_block function busybox-initramfs:1:1.21.0-1ubuntu1
Low CVE-2018-20679 busybox-initramfs 1:1.21.0-1ubuntu1 1:1.21.0-1ubuntu1.4 busybox: Out of bounds read in udhcp components resulting in information disclosure busybox-initramfs:1:1.21.0-1ubuntu1
Low CVE-2014-9620 file 1:5.14-2ubuntu3.3 1:5.14-2ubuntu3.4 file: limit the number of ELF notes processed file:1:5.14-2ubuntu3.3
Low CVE-2014-9621 file 1:5.14-2ubuntu3.3 1:5.14-2ubuntu3.4 file: limit string printing to 100 chars file:1:5.14-2ubuntu3.3
Low CVE-2014-9653 file 1:5.14-2ubuntu3.3 1:5.14-2ubuntu3.4 file: malformed elf file causes access to uninitialized memory file:1:5.14-2ubuntu3.3
Low CVE-2015-8865 file 1:5.14-2ubuntu3.3 1:5.14-2ubuntu3.4 file: Buffer over-write in finfo_open with malformed magic file file:1:5.14-2ubuntu3.3
Low CVE-2018-10360 file 1:5.14-2ubuntu3.3 1:5.14-2ubuntu3.4 file: out-of-bounds read via a crafted ELF file file:1:5.14-2ubuntu3.3
Low CVE-2016-2774 isc-dhcp-client 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS isc-dhcp-client:4.2.4-7ubuntu12.4
Low CVE-2017-3144 isc-dhcp-client 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service isc-dhcp-client:4.2.4-7ubuntu12.4
Low CVE-2016-2774 isc-dhcp-common 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS isc-dhcp-common:4.2.4-7ubuntu12.4
Low CVE-2017-3144 isc-dhcp-common 4.2.4-7ubuntu12.4 4.2.4-7ubuntu12.12 dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service isc-dhcp-common:4.2.4-7ubuntu12.4
Low CVE-2017-11462 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: Automatic sec context deletion could lead to double-free krb5-locales:1.12+dfsg-2ubuntu5.2
Low CVE-2018-5729 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: null dereference in kadmind or DN container check bypass by supplying special crafted data krb5-locales:1.12+dfsg-2ubuntu5.2
Low CVE-2018-5730 krb5-locales 1.12+dfsg-2ubuntu5.2 1.12+dfsg-2ubuntu5.4 krb5: DN container check bypass by supplying special crafted data krb5-locales:1.12+dfsg-2ubuntu5.2
Low CVE-2014-9912 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: stack buffer overflow in locale_get_display_name libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Low CVE-2015-4116 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Use-after-free vulnerability in the spl_ptr_heap_insert function libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Low CVE-2015-8873 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.19 php: Stack consumption vulnerability in Zend/zend_exceptions.c libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Low CVE-2015-8994 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.22 php: Zend OPCache code permission/sensitive data protection issues libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17
Low CVE-2016-10158 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 5.5.9+dfsg-1ubuntu4.21 php: Wrong calculation in exif_convert_any_to_int function libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17

Command

ADD file:aca501360d0937bc49db603ee7e5b4f28865957690eb86cef8d769fdcec5c027 in /
Vulnerable packages, installed in this layer 7 years ago
apt 1.0.1ubuntu2.14 apt-utils 1.0.1ubuntu2.14 gnupg 1.4.16-1ubuntu2.3 gpgv 1.4.16-1ubuntu2.3 libapt-inst1.5 1.0.1ubuntu2.14 libapt-pkg4.12 1.0.1ubuntu2.14 libc-bin 2.19-0ubuntu6.9 libc6 2.19-0ubuntu6.9 libgcrypt11 1.5.3-2ubuntu4.3 libssl1.0.0 1.0.1f-1ubuntu2.19 multiarch-support 2.19-0ubuntu6.9 sudo 1.8.9p5-1ubuntu1.2 bash 4.3-7ubuntu1.5 busybox-initramfs 1:1.21.0-1ubuntu1 eject 2.1.5+deb1+cvs20081104-13.1 isc-dhcp-client 4.2.4-7ubuntu12.4 isc-dhcp-common 4.2.4-7ubuntu12.4 libdb5.3 5.3.28-3ubuntu3 libdbus-1-3 1.6.18-0ubuntu4.3 libexpat1 2.1.0-4ubuntu1.2

Command

RUN set -xe &&
    echo '#!/bin/sh' > /usr/sbin/policy-rc.d &&
    echo 'exit 101' >> /usr/sbin/policy-rc.d &&
    chmod +x /usr/sbin/policy-rc.d &&
    dpkg-divert --local --rename --add /sbin/initctl &&
    cp -a /usr/sbin/policy-rc.d /sbin/initctl &&
    sed -i 's/^exit.*/exit 0/' /sbin/initctl &&
    echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup &&
    echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean &&
    echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean &&
    echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean &&
    echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages &&
    echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes

Command

RUN rm -rf /var/lib/apt/lists/*

Command

RUN sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list

Command

CMD ["/bin/bash"]

Command

MAINTAINER Carlos Motta <motta.carlos08@gmail.com>

Command

RUN apt-get update &&
    apt-get install apache2 php5 php5-ldap php5-imap php5-gd php5-mysql wget supervisor -y
Vulnerable packages, installed in this layer 7 years ago
openssl 1.0.1f-1ubuntu2.19 apache2 2.4.7-1ubuntu4.9 apache2-bin 2.4.7-1ubuntu4.9 apache2-data 2.4.7-1ubuntu4.9 fontconfig-config 2.11.0-0ubuntu4.1 krb5-locales 1.12+dfsg-2ubuntu5.2 libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.17 libasn1-8-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 libfontconfig1 2.11.0-0ubuntu4.1 libfreetype6 2.5.2-1ubuntu2.5 libgd3 2.1.0-3ubuntu0.1 libgssapi-krb5-2 1.12+dfsg-2ubuntu5.2 libgssapi3-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 libhcrypto4-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 libheimbase1-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 libheimntlm0-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 libhx509-5-heimdal 1.6~git20131207+dfsg-1ubuntu1.1 libidn11 1.28-1ubuntu2 libk5crypto3 1.12+dfsg-2ubuntu5.2 libkrb5-26-heimdal 1.6~git20131207+dfsg-1ubuntu1.1

Command

RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/log/supervisor

Command

COPY file:dcf9cb69f3383b40b97283558cba178e72123564a720586467f9a66525d67e62 in /etc/supervisor/conf.d/supervisord.conf

Command

EXPOSE 443/tcp 80/tcp

Command

CMD ["/usr/bin/supervisord"]

Command

MAINTAINER Carlos Motta <motta.carlos08@gmail.com>

Command

RUN apt-get update &&
    apt-get install apache2 php5 php5-ldap php5-imap php5-gd php5-mysql wget supervisor -y
Vulnerable package, installed in this layer 7 years ago
wget 1.15-1ubuntu1.14.04.2

Command

RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/log/supervisor

Command

RUN /usr/sbin/php5enmod imap &&
    /usr/sbin/a2enmod ssl &&
    /usr/sbin/a2ensite default-ssl

Command

COPY file:21d68f74ed8b726ca444fa821b008211f48a92ad6de4259edb89b50a17bd4329 in /etc/supervisor/conf.d/supervisord.conf

Command

EXPOSE 443/tcp 80/tcp

Command

CMD ["/usr/bin/supervisord"]
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container starts a service that renders the following contents over port 80:
The container produces the following text output: