cmotta2016/apache
Region: eastus

Scan Summary
High vulnerabilities: 17
Malicious files: 0
Last scan: 1 year, 9 months ago
Type of scan: Prevasio CSPM
Scan duration: 2 minutes and 7 seconds

Image Details
Image URI: prevasio.azurecr.io/cmotta2016/apache
Image tags: latest
Digest: sha256:35515496c8dccf6314da656a216fa35e44cddf08001705af274ae3d2a779a501
Created: 7 years ago
Compressed size: 115.11 MB
Uncompressed size: 255.55 MB
OS/architecture: linux/amd64
OS distribution: ubuntu 14.04 (reached end of life)
Working directory: —
ENTRYPOINT: —
CMD: /usr/bin/supervisord
User: —
Ports: 443/tcp, 80/tcp
Volumes: —
Environment variables: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Overview
Critical: 0
High: 17
Medium: 925
Low: 481
Informational: 0

Vulnerabilities (1,000)

Severity | Name | Package | Version | Fixed in | Description | Package:version |
---|---|---|---|---|---|---|
High | CVE-2016-1252 | apt | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.17 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... | apt:1.0.1ubuntu2.14 |
High | CVE-2019-3462 | apt | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.19 | Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | apt:1.0.1ubuntu2.14 |
High | CVE-2016-1252 | apt-utils | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.17 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... | apt-utils:1.0.1ubuntu2.14 |
High | CVE-2019-3462 | apt-utils | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.19 | Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | apt-utils:1.0.1ubuntu2.14 |
High | CVE-2016-6313 | gnupg | 1.4.16-1ubuntu2.3 | 1.4.16-1ubuntu2.4 | libgcrypt: PRNG output is predictable | gnupg:1.4.16-1ubuntu2.3 |
High | CVE-2016-6313 | gpgv | 1.4.16-1ubuntu2.3 | 1.4.16-1ubuntu2.4 | libgcrypt: PRNG output is predictable | gpgv:1.4.16-1ubuntu2.3 |
High | CVE-2016-1252 | libapt-inst1.5 | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.17 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... | libapt-inst1.5:1.0.1ubuntu2.14 |
High | CVE-2019-3462 | libapt-inst1.5 | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.19 | Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | libapt-inst1.5:1.0.1ubuntu2.14 |
High | CVE-2016-1252 | libapt-pkg4.12 | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.17 | The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ... | libapt-pkg4.12:1.0.1ubuntu2.14 |
High | CVE-2019-3462 | libapt-pkg4.12 | 1.0.1ubuntu2.14 | 1.0.1ubuntu2.19 | Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | libapt-pkg4.12:1.0.1ubuntu2.14 |
High | CVE-2018-1000001 | libc-bin | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.14 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | libc-bin:2.19-0ubuntu6.9 |
High | CVE-2018-1000001 | libc6 | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.14 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | libc6:2.19-0ubuntu6.9 |
High | CVE-2016-6313 | libgcrypt11 | 1.5.3-2ubuntu4.3 | 1.5.3-2ubuntu4.4 | libgcrypt: PRNG output is predictable | libgcrypt11:1.5.3-2ubuntu4.3 |
High | CVE-2016-6304 | libssl1.0.0 | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.20 | openssl: OCSP Status Request extension unbounded memory growth | libssl1.0.0:1.0.1f-1ubuntu2.19 |
High | CVE-2018-1000001 | multiarch-support | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.14 | glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation | multiarch-support:2.19-0ubuntu6.9 |
High | CVE-2016-6304 | openssl | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.20 | openssl: OCSP Status Request extension unbounded memory growth | openssl:1.0.1f-1ubuntu2.19 |
High | CVE-2017-1000367 | sudo | 1.8.9p5-1ubuntu1.2 | 1.8.9p5-1ubuntu1.4 | sudo: Privilege escalation in via improper get_process_ttyname() parsing | sudo:1.8.9p5-1ubuntu1.2 |
Medium | CVE-2016-0736 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: Padding Oracle in Apache mod_session_crypto | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-5387 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.13 | Apache HTTPD: sets environmental variable based on user supplied Proxy request header | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-8743 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: Apache HTTP Request Parsing Whitespace Defects | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-3167 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: ap_get_basic_auth_pw() authentication bypass | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-3169 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: mod_ssl NULL pointer dereference | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-7668 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: ap_find_token() buffer overread | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-9788 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.17 | httpd: Uninitialized memory reflection in mod_auth_digest | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-9798 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.18 | httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2019-0217 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: mod_auth_digest: access control bypass due to race condition | apache2:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-0736 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: Padding Oracle in Apache mod_session_crypto | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-5387 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.13 | Apache HTTPD: sets environmental variable based on user supplied Proxy request header | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-8743 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: Apache HTTP Request Parsing Whitespace Defects | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-3167 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: ap_get_basic_auth_pw() authentication bypass | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-3169 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: mod_ssl NULL pointer dereference | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-7668 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: ap_find_token() buffer overread | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-9788 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.17 | httpd: Uninitialized memory reflection in mod_auth_digest | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-9798 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.18 | httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2019-0217 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: mod_auth_digest: access control bypass due to race condition | apache2-bin:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-0736 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: Padding Oracle in Apache mod_session_crypto | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-5387 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.13 | Apache HTTPD: sets environmental variable based on user supplied Proxy request header | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-8743 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: Apache HTTP Request Parsing Whitespace Defects | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-3167 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: ap_get_basic_auth_pw() authentication bypass | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-3169 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: mod_ssl NULL pointer dereference | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-7668 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: ap_find_token() buffer overread | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-9788 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.17 | httpd: Uninitialized memory reflection in mod_auth_digest | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2017-9798 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.18 | httpd: Use-after-free by limiting unregistered HTTP method (Optionsbleed) | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2019-0217 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: mod_auth_digest: access control bypass due to race condition | apache2-data:2.4.7-1ubuntu4.9 |
Medium | CVE-2016-7543 | bash | 4.3-7ubuntu1.5 | 4.3-7ubuntu1.7 | bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution | bash:4.3-7ubuntu1.5 |
Medium | CVE-2015-9261 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: Segmentation fault when unzipping specially crafted zip file | busybox-initramfs:1:1.21.0-1ubuntu1 |
Medium | CVE-2017-16544 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: Insufficient sanitization of filenames when autocompleting | busybox-initramfs:1:1.21.0-1ubuntu1 |
Medium | CVE-2018-1000517 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: wget: Heap-based buffer overflow in the retrieve_file_data() function | busybox-initramfs:1:1.21.0-1ubuntu1 |
Medium | CVE-2019-5747 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: Out of bounds read in udhcp components resulting in information disclosure | busybox-initramfs:1:1.21.0-1ubuntu1 |
Medium | CVE-2017-6964 | eject | 2.1.5+deb1+cvs20081104-13.1 | 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 | dmcrypt-get-device, as shipped in the eject package of Debian and Ubun ... | eject:2.1.5+deb1+cvs20081104-13.1 |
Medium | CVE-2016-5384 | fontconfig-config | 2.11.0-0ubuntu4.1 | 2.11.0-0ubuntu4.2 | fontconfig: Possible double free due to insufficiently validated cache files | fontconfig-config:2.11.0-0ubuntu4.1 |
Medium | CVE-2017-7526 | gnupg | 1.4.16-1ubuntu2.3 | 1.4.16-1ubuntu2.6 | libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery | gnupg:1.4.16-1ubuntu2.3 |
Medium | CVE-2018-12020 | gnupg | 1.4.16-1ubuntu2.3 | 1.4.16-1ubuntu2.5 | gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification | gnupg:1.4.16-1ubuntu2.3 |
Medium | CVE-2017-7526 | gpgv | 1.4.16-1ubuntu2.3 | 1.4.16-1ubuntu2.6 | libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery | gpgv:1.4.16-1ubuntu2.3 |
Medium | CVE-2018-12020 | gpgv | 1.4.16-1ubuntu2.3 | 1.4.16-1ubuntu2.5 | gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification | gpgv:1.4.16-1ubuntu2.3 |
Medium | CVE-2018-5732 | isc-dhcp-client | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server | isc-dhcp-client:4.2.4-7ubuntu12.4 |
Medium | CVE-2018-5733 | isc-dhcp-client | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: Reference count overflow in dhcpd allows denial of service | isc-dhcp-client:4.2.4-7ubuntu12.4 |
Medium | CVE-2018-5732 | isc-dhcp-common | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server | isc-dhcp-common:4.2.4-7ubuntu12.4 |
Medium | CVE-2018-5733 | isc-dhcp-common | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: Reference count overflow in dhcpd allows denial of service | isc-dhcp-common:4.2.4-7ubuntu12.4 |
Medium | CVE-2015-8629 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: xdr_nullstring() doesn't check for terminating null character | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8630 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8631 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Memory leak caused by supplying a null principal name in request | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3119 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: null pointer dereference in kadmin | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3120 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: S4U2Self KDC crash when anon is restricted | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11368 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8876 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.incov on invalid sequence leads to denial-of-service | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11103 | libasn1-8-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libasn1-8-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2015-8982 | libc-bin | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: multiple overflows in strxfrm() | libc-bin:2.19-0ubuntu6.9 |
Medium | CVE-2015-8983 | libc-bin | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: _IO_wstr_overflow integer overflow | libc-bin:2.19-0ubuntu6.9 |
Medium | CVE-2015-8984 | libc-bin | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: potential denial of service in internal_fnmatch() | libc-bin:2.19-0ubuntu6.9 |
Medium | CVE-2017-1000366 | libc-bin | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.13 | glibc: heap/stack gap jumping via unbounded stack allocations | libc-bin:2.19-0ubuntu6.9 |
Medium | CVE-2015-8982 | libc6 | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: multiple overflows in strxfrm() | libc6:2.19-0ubuntu6.9 |
Medium | CVE-2015-8983 | libc6 | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: _IO_wstr_overflow integer overflow | libc6:2.19-0ubuntu6.9 |
Medium | CVE-2015-8984 | libc6 | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: potential denial of service in internal_fnmatch() | libc6:2.19-0ubuntu6.9 |
Medium | CVE-2017-1000366 | libc6 | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.13 | glibc: heap/stack gap jumping via unbounded stack allocations | libc6:2.19-0ubuntu6.9 |
Medium | CVE-2017-10140 | libdb5.3 | 5.3.28-3ubuntu3 | 5.3.28-3ubuntu3.1 | libdb: Reads DB_CONFIG from the current working directory | libdb5.3:5.3.28-3ubuntu3 |
Medium | CVE-2015-0245 | libdbus-1-3 | 1.6.18-0ubuntu4.3 | 1.6.18-0ubuntu4.4 | dbus: denial of service in dbus systemd activation | libdbus-1-3:1.6.18-0ubuntu4.3 |
Medium | CVE-2012-6702 | libexpat1 | 2.1.0-4ubuntu1.2 | 2.1.0-4ubuntu1.3 | expat: Using XML_Parse before rand() results into non-random output | libexpat1:2.1.0-4ubuntu1.2 |
Medium | CVE-2016-5300 | libexpat1 | 2.1.0-4ubuntu1.2 | 2.1.0-4ubuntu1.3 | expat: Little entropy used for hash initialization | libexpat1:2.1.0-4ubuntu1.2 |
Medium | CVE-2017-9233 | libexpat1 | 2.1.0-4ubuntu1.2 | 2.1.0-4ubuntu1.4 | expat: Inifinite loop due to invalid XML in external entity | libexpat1:2.1.0-4ubuntu1.2 |
Medium | CVE-2017-1000376 | libffi6 | 3.1~rc1+r3.0.13-12ubuntu0.1 | 3.1~rc1+r3.0.13-12ubuntu0.2 | libffi requests an executable stack allowing attackers to more easily ... | libffi6:3.1~rc1+r3.0.13-12ubuntu0.1 |
Medium | CVE-2016-5384 | libfontconfig1 | 2.11.0-0ubuntu4.1 | 2.11.0-0ubuntu4.2 | fontconfig: Possible double free due to insufficiently validated cache files | libfontconfig1:2.11.0-0ubuntu4.1 |
Medium | CVE-2016-10244 | libfreetype6 | 2.5.2-1ubuntu2.5 | 2.5.2-1ubuntu2.6 | freetype: parse_charstrings function in type1/t1load.c does not ensure that a font contains a glyph name | libfreetype6:2.5.2-1ubuntu2.5 |
Medium | CVE-2016-10328 | libfreetype6 | 2.5.2-1ubuntu2.5 | 2.5.2-1ubuntu2.7 | freetype: heap-based buffer overflow related to the cff_parser_run function | libfreetype6:2.5.2-1ubuntu2.5 |
Medium | CVE-2017-8105 | libfreetype6 | 2.5.2-1ubuntu2.5 | 2.5.2-1ubuntu2.8 | freetype: heap-based buffer overflow related to the t1_decoder_parse_charstrings | libfreetype6:2.5.2-1ubuntu2.5 |
Medium | CVE-2017-8287 | libfreetype6 | 2.5.2-1ubuntu2.5 | 2.5.2-1ubuntu2.8 | freetype: heap-based buffer overflow related to the t1_builder_close_contour function | libfreetype6:2.5.2-1ubuntu2.5 |
Medium | CVE-2017-7526 | libgcrypt11 | 1.5.3-2ubuntu4.3 | 1.5.3-2ubuntu4.5 | libgcrypt: Use of left-to-right sliding window method allows full RSA key recovery | libgcrypt11:1.5.3-2ubuntu4.3 |
Medium | CVE-2016-10166 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.6 | gd: Unsigned integer underflow _gdContributionsAlloc() | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-10167 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.6 | gd: DoS vulnerability in gdImageCreateFromGd2Ctx() | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-10168 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.6 | gd: Integer overflow in gd_io.c | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-5766 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.2 | gd: Integer overflow in _gd2GetHeader() resulting in heap overflow | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-6128 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.2 | gd: Invalid color index not properly handled | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-6207 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.3 | php,gd: Integer overflow error within _gdContributionsAlloc() | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-6905 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.3 | gd: Out-of-bounds read in function read_image_tga in gd_tga.c | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-6911 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.5 | gd, php: Missing check for OOB read in dynamicGetbuf() | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-6912 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.6 | gd, php: Double free in gdImageWebpPtr() | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-7568 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.5 | gd, php: Integer overflow in gdImageWebpCtx | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2016-8670 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.5 | gd, php: Stack based buffer overflow in dynamicGetbuf | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2017-6362 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.8 | gd: Double free in the gdImagePngPtr function | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2017-7890 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.7 | php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2018-1000222 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.10 | gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2019-6977 | libgd3 | 2.1.0-3ubuntu0.1 | 2.1.0-3ubuntu0.11 | gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c | libgd3:2.1.0-3ubuntu0.1 |
Medium | CVE-2017-5335 | libgnutls-openssl27 | 2.12.23-12ubuntu2.5 | 2.12.23-12ubuntu2.6 | gnutls: Out of memory while parsing crafted OpenPGP certificate | libgnutls-openssl27:2.12.23-12ubuntu2.5 |
Medium | CVE-2017-5336 | libgnutls-openssl27 | 2.12.23-12ubuntu2.5 | 2.12.23-12ubuntu2.6 | gnutls: Stack overflow in cdk_pk_get_keyid | libgnutls-openssl27:2.12.23-12ubuntu2.5 |
Medium | CVE-2017-5337 | libgnutls-openssl27 | 2.12.23-12ubuntu2.5 | 2.12.23-12ubuntu2.6 | gnutls: Heap read overflow in read-packet.c | libgnutls-openssl27:2.12.23-12ubuntu2.5 |
Medium | CVE-2017-5335 | libgnutls26 | 2.12.23-12ubuntu2.5 | 2.12.23-12ubuntu2.6 | gnutls: Out of memory while parsing crafted OpenPGP certificate | libgnutls26:2.12.23-12ubuntu2.5 |
Medium | CVE-2017-5336 | libgnutls26 | 2.12.23-12ubuntu2.5 | 2.12.23-12ubuntu2.6 | gnutls: Stack overflow in cdk_pk_get_keyid | libgnutls26:2.12.23-12ubuntu2.5 |
Medium | CVE-2017-5337 | libgnutls26 | 2.12.23-12ubuntu2.5 | 2.12.23-12ubuntu2.6 | gnutls: Heap read overflow in read-packet.c | libgnutls26:2.12.23-12ubuntu2.5 |
Medium | CVE-2015-8629 | libgssapi-krb5-2 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: xdr_nullstring() doesn't check for terminating null character | libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8630 | libgssapi-krb5-2 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask | libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8631 | libgssapi-krb5-2 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Memory leak caused by supplying a null principal name in request | libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3119 | libgssapi-krb5-2 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: null pointer dereference in kadmin | libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3120 | libgssapi-krb5-2 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: S4U2Self KDC crash when anon is restricted | libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11368 | libgssapi-krb5-2 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure | libgssapi-krb5-2:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11103 | libgssapi3-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libgssapi3-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2017-11103 | libhcrypto4-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libhcrypto4-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2017-11103 | libheimbase1-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libheimbase1-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2017-11103 | libheimntlm0-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libheimntlm0-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2017-11103 | libhx509-5-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libhx509-5-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2016-6261 | libidn11 | 1.28-1ubuntu2 | 1.28-1ubuntu2.1 | libidn: Out of bounds stack read in idna_to_ascii_4i | libidn11:1.28-1ubuntu2 |
Medium | CVE-2016-6262 | libidn11 | 1.28-1ubuntu2 | 1.28-1ubuntu2.1 | libidn: Out-of-bounds read when reading zero byte as input | libidn11:1.28-1ubuntu2 |
Medium | CVE-2016-6263 | libidn11 | 1.28-1ubuntu2 | 1.28-1ubuntu2.1 | libidn: Crash when given invalid UTF-8 data on input | libidn11:1.28-1ubuntu2 |
Medium | CVE-2017-14062 | libidn11 | 1.28-1ubuntu2 | 1.28-1ubuntu2.2 | libidn2: Integer overflow in puny_decode.c/decode_digit | libidn11:1.28-1ubuntu2 |
Medium | CVE-2015-8629 | libk5crypto3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: xdr_nullstring() doesn't check for terminating null character | libk5crypto3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8630 | libk5crypto3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask | libk5crypto3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8631 | libk5crypto3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Memory leak caused by supplying a null principal name in request | libk5crypto3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3119 | libk5crypto3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: null pointer dereference in kadmin | libk5crypto3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3120 | libk5crypto3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: S4U2Self KDC crash when anon is restricted | libk5crypto3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11368 | libk5crypto3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure | libk5crypto3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11103 | libkrb5-26-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libkrb5-26-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2015-8629 | libkrb5-3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: xdr_nullstring() doesn't check for terminating null character | libkrb5-3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8630 | libkrb5-3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask | libkrb5-3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8631 | libkrb5-3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Memory leak caused by supplying a null principal name in request | libkrb5-3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3119 | libkrb5-3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: null pointer dereference in kadmin | libkrb5-3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3120 | libkrb5-3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: S4U2Self KDC crash when anon is restricted | libkrb5-3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11368 | libkrb5-3 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure | libkrb5-3:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8629 | libkrb5support0 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: xdr_nullstring() doesn't check for terminating null character | libkrb5support0:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8630 | libkrb5support0 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask | libkrb5support0:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2015-8631 | libkrb5support0 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Memory leak caused by supplying a null principal name in request | libkrb5support0:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3119 | libkrb5support0 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: null pointer dereference in kadmin | libkrb5support0:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2016-3120 | libkrb5support0 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: S4U2Self KDC crash when anon is restricted | libkrb5support0:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-11368 | libkrb5support0 | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure | libkrb5support0:1.12+dfsg-2ubuntu5.2 |
Medium | CVE-2017-9287 | libldap-2.4-2 | 2.4.31-1+nmu2ubuntu8.2 | 2.4.31-1+nmu2ubuntu8.4 | openldap: Double free vulnerability in servers/slapd/back-mdb/search.c | libldap-2.4-2:2.4.31-1+nmu2ubuntu8.2 |
Medium | CVE-2016-3477 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-3492 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-3521 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-3615 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5440 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5584 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.53-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5612 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5624 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5626 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5629 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-6662 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-6663 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | CVE-2016-5616 CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-6664 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-7440 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.53-0ubuntu0.14.04.1 | yaSSL: AES key leak via cache-bank timing side channel attack | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-8283 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10268 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10378 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10379 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Oct 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10384 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3238 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3243 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3244 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3258 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3265 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: unsafe chmod/chown use in init script (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3291 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3305 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6 | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3308 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3309 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3312 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3313 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3317 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Logging unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3318 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3329 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Thread Pooling unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3453 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3456 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3461 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3462 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3463 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3464 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3600 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mariadb, mysql: Incorrect input validation allowing code execution via mysqldump | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3635 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: C API unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3636 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3641 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3648 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3651 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3652 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3653 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2562 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2622 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2640 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2665 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2668 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2755 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2761 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2767 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2771 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2773 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2781 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2813 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2817 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2818 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2819 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: InnoDB unspecified vulnerability (CPU Apr 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3058 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: MyISAM unspecified vulnerability (CPU Jul 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3063 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3066 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Server: Options unspecified vulnerability (CPU Jul 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3070 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3081 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Jul 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3133 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1 | mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3174 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1 | mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3282 | libmysqlclient18 | 5.5.49-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1 | mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) | libmysqlclient18:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-1122 | libprocps3 | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: Local privilege escalation in top | libprocps3:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1123 | libprocps3 | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: denial of service in ps via mmap buffer overflow | libprocps3:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1124 | libprocps3 | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: Integer overflows leading to heap overflow in file2strvec | libprocps3:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1125 | libprocps3 | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: stack buffer overflow in pgrep | libprocps3:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1126 | libprocps3 | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues | libprocps3:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2016-0772 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: smtplib StartTLS stripping attack | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-1000110 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5636 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: Heap overflow in zipimporter module | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5699 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: http protocol stream injection attack | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2017-1000158 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.4 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-1000802 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Command injection in the shutil module | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-14647 | libpython2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Missing salt initialization in _elementtree.c module | libpython2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-0772 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: smtplib StartTLS stripping attack | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-1000110 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5636 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: Heap overflow in zipimporter module | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5699 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: http protocol stream injection attack | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2017-1000158 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.4 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-1000802 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Command injection in the shutil module | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-14647 | libpython2.7-stdlib | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Missing salt initialization in _elementtree.c module | libpython2.7-stdlib:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-0772 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: smtplib StartTLS stripping attack | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-1000110 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5636 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: Heap overflow in zipimporter module | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5699 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: http protocol stream injection attack | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2017-1000158 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.6 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-1000802 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Command injection in the shutil module | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-14647 | libpython3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Missing salt initialization in _elementtree.c module | libpython3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-0772 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: smtplib StartTLS stripping attack | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-1000110 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5636 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: Heap overflow in zipimporter module | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5699 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: http protocol stream injection attack | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2017-1000158 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.6 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-1000802 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Command injection in the shutil module | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-14647 | libpython3.4-stdlib | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Missing salt initialization in _elementtree.c module | libpython3.4-stdlib:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2017-11103 | libroken18-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libroken18-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2016-6303 | libssl1.0.0 | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.20 | openssl: Integer overflow in MDC2_Update() | libssl1.0.0:1.0.1f-1ubuntu2.19 |
Medium | CVE-2016-6306 | libssl1.0.0 | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.20 | openssl: certificate message OOB reads | libssl1.0.0:1.0.1f-1ubuntu2.19 |
Medium | CVE-2016-7056 | libssl1.0.0 | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.22 | openssl: ECDSA P-256 timing attack key recovery | libssl1.0.0:1.0.1f-1ubuntu2.19 |
Medium | CVE-2017-3731 | libssl1.0.0 | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.22 | openssl: Truncated packet could crash via OOB read | libssl1.0.0:1.0.1f-1ubuntu2.19 |
Medium | CVE-2018-0739 | libssl1.0.0 | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.24 | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | libssl1.0.0:1.0.1f-1ubuntu2.19 |
Medium | CVE-2017-6891 | libtasn1-6 | 3.4-3ubuntu0.4 | 3.4-3ubuntu0.5 | libtasn1: Stack-based buffer overflow in asn1_find_node() | libtasn1-6:3.4-3ubuntu0.4 |
Medium | CVE-2015-7554 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Invalid-write in _TIFFVGetField() when parsing some extension tags | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-10092 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Heap-based buffer overflow in _TIFFFax3fillruns | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-10093 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Integer overflow in DECLAREreadFunc | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-10094 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Off-by-one error in t2p_readwrite_pdf_image_tile() causing heap buffer overflow | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-10271 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Heap-based buffer overflow in tif_fax3.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-3186 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.9 | libtiff: buffer overflow in gif2tiff | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-3624 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: out of bounds write in the rgb2ycybr tool | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-3632 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: out-of-bounds write in _TIFFVGetField function | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-3945 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: out-of-bounds write in the tiff2rgba tool | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-3990 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: out-of-bounds write in horizontalDifference8() | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-5314 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Out-of-bounds write in PixarLogDecode() function | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-5315 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Out-of-bounds read in setByteArray() function in tif_dir.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-5316 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Out-of-bounds read in PixarLogCleanup() function in tif_pixarlog.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-5317 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Out-of-bounds write in PixarLogDecode() function in libtiff.so | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-5321 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: tiffcrop readSeparateTilesIntoBuffer() memory corruption | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-5322 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Out-of-bounds read in extractContigSamplesBytes() function | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-8331 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: FAX IFD Entry Parsing Type Confusion | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-9453 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Out-of-bounds access in t2p_readwrite_pdf_image_tile() | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-9533 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: PixarLog horizontalDifference heap-buffer-overflow | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-9534 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: TIFFFlushData1 heap-buffer-overflow | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2016-9535 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Predictor heap-buffer-overflow | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-5225 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.6 | libtiff: Heap-buffer overflow in tools/tiffcp via crafted BitsPerSample value | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7592 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Left shift of unsigned char without a cast | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7593 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: tif_rawdata not properly initialized in tif_read.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7594 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7595 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Divide-by-zero in JPEGSetupEncode (tif_jpeg.c) | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7596 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Float out of range issue in tif_dir.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7597 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Float out of range issue in tif_dirread.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7598 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Divide-by-zero in tif_dirread.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7599 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Unsigned short out of range in tif_dirwrite.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7600 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Unsigned char out of range in tif_dirwrite.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7601 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Signed integer overflow in tif_jpeg.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-7602 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: Signed integer overflow in tif_read.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-9935 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.9 | libtiff: Heap-based buffer overflow in t2p_write_pdf function | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2017-9936 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.8 | libtiff: memory leak in tif_jbig.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2018-16335 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.9 | libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2018-17100 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.10 | libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2018-17101 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.10 | libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2018-17795 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.9 | libtiff: Heap-based buffer overflow in tiff2pdf.c:t2p_write_pdf() | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2018-18557 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.10 | libtiff: Out-of-bounds write in tif_jbig.c | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2019-7663 | libtiff5 | 4.0.3-7ubuntu0.4 | 4.0.3-7ubuntu0.11 | libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference | libtiff5:4.0.3-7ubuntu0.4 |
Medium | CVE-2018-1049 | libudev1 | 204-5ubuntu20.19 | 204-5ubuntu20.26 | systemd: automount: access to automounted volumes can lock up | libudev1:204-5ubuntu20.19 |
Medium | CVE-2019-3842 | libudev1 | 204-5ubuntu20.19 | 204-5ubuntu20.31 | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" | libudev1:204-5ubuntu20.19 |
Medium | CVE-2017-11103 | libwind0-heimdal | 1.6~git20131207+dfsg-1ubuntu1.1 | 1.6~git20131207+dfsg-1ubuntu1.2 | krb5: Metadata taken from the unauthenticated plaintext | libwind0-heimdal:1.6~git20131207+dfsg-1ubuntu1.1 |
Medium | CVE-2018-14598 | libx11-6 | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1 | libX11: Crash on invalid reply in XListExtensions in ListExt.c | libx11-6:2:1.6.2-1ubuntu2 |
Medium | CVE-2018-14599 | libx11-6 | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1 | libX11: Off-by-one error in XListExtensions in ListExt.c | libx11-6:2:1.6.2-1ubuntu2 |
Medium | CVE-2018-14600 | libx11-6 | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1 | libX11: Out of Bounds write in XListExtensions in ListExt.c | libx11-6:2:1.6.2-1ubuntu2 |
Medium | CVE-2018-14598 | libx11-data | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1 | libX11: Crash on invalid reply in XListExtensions in ListExt.c | libx11-data:2:1.6.2-1ubuntu2 |
Medium | CVE-2018-14599 | libx11-data | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1 | libX11: Off-by-one error in XListExtensions in ListExt.c | libx11-data:2:1.6.2-1ubuntu2 |
Medium | CVE-2018-14600 | libx11-data | 2:1.6.2-1ubuntu2 | 2:1.6.2-1ubuntu2.1 | libX11: Out of Bounds write in XListExtensions in ListExt.c | libx11-data:2:1.6.2-1ubuntu2 |
Medium | CVE-2016-4658 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.9 | libxml2: Use after free via namespace node in XPointer ranges | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2016-5131 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.9 | libxml2: Use after free triggered by XPointer paths beginning with range-to | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-0663 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Heap buffer overflow in xmlAddID | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-15412 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.12 | libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-7375 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Missing validation for external entities in xmlParsePEReference | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-7376 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Incorrect limit used for port values | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-9047 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Buffer overflow in function xmlSnprintfElementContent | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-9048 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-9049 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2017-9050 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.10 | libxml2: Heap-based buffer over-read in function xmlDictAddString | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2018-14404 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.13 | libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2018-14567 | libxml2 | 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.13 | libxml2: Infinite loop caused by incorrect error detection during LZMA decompression | libxml2:2.9.1+dfsg1-3ubuntu4.8 |
Medium | CVE-2016-10164 | libxpm4 | 1:3.5.10-1 | 1:3.5.10-1ubuntu0.1 | libXpm: Out-of-bounds write in XPM extension parsing | libxpm4:1:3.5.10-1 |
Medium | CVE-2016-6252 | login | 1:4.1.5.1-1ubuntu9.2 | 1:4.1.5.1-1ubuntu9.4 | shadow-utils: Incorrect integer handling results in LPE | login:1:4.1.5.1-1ubuntu9.2 |
Medium | CVE-2017-2616 | login | 1:4.1.5.1-1ubuntu9.2 | 1:4.1.5.1-1ubuntu9.4 | util-linux: Sending SIGKILL to other processes with root privileges via su | login:1:4.1.5.1-1ubuntu9.2 |
Medium | CVE-2015-8982 | multiarch-support | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: multiple overflows in strxfrm() | multiarch-support:2.19-0ubuntu6.9 |
Medium | CVE-2015-8983 | multiarch-support | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: _IO_wstr_overflow integer overflow | multiarch-support:2.19-0ubuntu6.9 |
Medium | CVE-2015-8984 | multiarch-support | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.10 | glibc: potential denial of service in internal_fnmatch() | multiarch-support:2.19-0ubuntu6.9 |
Medium | CVE-2017-1000366 | multiarch-support | 2.19-0ubuntu6.9 | 2.19-0ubuntu6.13 | glibc: heap/stack gap jumping via unbounded stack allocations | multiarch-support:2.19-0ubuntu6.9 |
Medium | CVE-2016-3477 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-3492 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Optimizer (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-3521 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Types (CPU July 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-3615 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: DML (CPU July 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5440 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.50-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: RBR (CPU July 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5584 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.53-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Security: Encryption (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5612 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5624 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: DML (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5626 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: GIS (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-5629 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Federated (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-6662 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: general_log can write to configuration files, leading to privilege escalation (CPU Oct 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-6663 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | CVE-2016-5616 CVE-2016-6663 mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-6664 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | CVE-2016-5617 mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-7440 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.53-0ubuntu0.14.04.1 | yaSSL: AES key leak via cache-bank timing side channel attack | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2016-8283 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.52-0ubuntu0.14.04.1 | mysql: unspecified vulnerability in subcomponent: Server: Types (CPU October 2016) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10268 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10378 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10379 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Oct 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-10384 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.58-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3238 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3243 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: Charsets unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3244 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3258 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3265 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: unsafe chmod/chown use in init script (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3291 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: unrestricted mysqld_safe's ledir (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3305 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: incorrect enforcement of ssl-mode=REQUIRED in MySQL 5.5 and 5.6 | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3308 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3309 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3312 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3313 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: MyISAM unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3317 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Logging unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3318 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.54-0ubuntu0.14.04.1 | mysql: Server: Error Handling unspecified vulnerability (CPU Jan 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3329 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Thread Pooling unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3453 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3456 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3461 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3462 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3463 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3464 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Apr 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3600 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.55-0ubuntu0.14.04.1 | mariadb, mysql: Incorrect input validation allowing code execution via mysqldump | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3635 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: C API unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3636 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3641 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: DML unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3648 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: Charsets unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3651 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3652 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2017-3653 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.57-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2562 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2622 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2640 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2665 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2668 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.59-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2755 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2761 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2767 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2771 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2773 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: pid file can be created in a world-writeable directory (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2781 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2813 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2817 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2818 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-2819 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.60-0ubuntu0.14.04.1 | mysql: InnoDB unspecified vulnerability (CPU Apr 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3058 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: MyISAM unspecified vulnerability (CPU Jul 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3063 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3066 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Server: Options unspecified vulnerability (CPU Jul 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3070 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Client mysqldump unspecified vulnerability (CPU Jul 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3081 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.61-0ubuntu0.14.04.1 | mysql: Client programs unspecified vulnerability (CPU Jul 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3133 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1 | mysql: Server: Parser unspecified vulnerability (CPU Oct 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3174 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1 | mysql: Init script calling kill with root privileges using pid from pidfile owned by mysql user (CPU Oct 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2018-3282 | mysql-common | 5.5.49-0ubuntu0.14.04.1 | 5.5.62-0ubuntu0.14.04.1 | mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) | mysql-common:5.5.49-0ubuntu0.14.04.1 |
Medium | CVE-2015-7977 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: restriction list NULL pointer dereference | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2015-7978 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: stack exhaustion in recursive traversal of restriction list | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2015-8138 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: missing check for zero originate timestamp | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2016-1547 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: crypto-NAK preemptable association denial of service | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2016-1548 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: ntpd switching to interleaved mode with spoofed packets | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2016-1550 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: libntp message digest disclosure | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2016-2516 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 | ntp: assertion failure in ntpd on duplicate IPs on unconfig directives | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2018-7183 | ntpdate | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 | 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13 | ntp: decodearr() can write beyond its buffer limit | ntpdate:1:4.2.6.p5+dfsg-3ubuntu2.14.04.8 |
Medium | CVE-2016-6303 | openssl | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.20 | openssl: Integer overflow in MDC2_Update() | openssl:1.0.1f-1ubuntu2.19 |
Medium | CVE-2016-6306 | openssl | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.20 | openssl: certificate message OOB reads | openssl:1.0.1f-1ubuntu2.19 |
Medium | CVE-2016-7056 | openssl | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.22 | openssl: ECDSA P-256 timing attack key recovery | openssl:1.0.1f-1ubuntu2.19 |
Medium | CVE-2017-3731 | openssl | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.22 | openssl: Truncated packet could crash via OOB read | openssl:1.0.1f-1ubuntu2.19 |
Medium | CVE-2018-0739 | openssl | 1.0.1f-1ubuntu2.19 | 1.0.1f-1ubuntu2.24 | openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | openssl:1.0.1f-1ubuntu2.19 |
Medium | CVE-2016-6252 | passwd | 1:4.1.5.1-1ubuntu9.2 | 1:4.1.5.1-1ubuntu9.4 | shadow-utils: Incorrect integer handling results in LPE | passwd:1:4.1.5.1-1ubuntu9.2 |
Medium | CVE-2017-2616 | passwd | 1:4.1.5.1-1ubuntu9.2 | 1:4.1.5.1-1ubuntu9.4 | util-linux: Sending SIGKILL to other processes with root privileges via su | passwd:1:4.1.5.1-1ubuntu9.2 |
Medium | CVE-2017-12837 | perl | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.3 | perl: Heap buffer overflow in regular expression compiler | perl:5.18.2-2ubuntu1.1 |
Medium | CVE-2017-12883 | perl | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.3 | perl: Buffer over-read in regular expression parser | perl:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-12015 | perl | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.6 | perl: Directory traversal in Archive::Tar | perl:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-18311 | perl | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.7 | perl: Integer overflow leading to buffer overflow in Perl_my_setenv() | perl:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-18313 | perl | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.7 | perl: Heap-based buffer read overflow in S_grok_bslash_N() | perl:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-6913 | perl | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.4 | perl: heap buffer overflow in pp_pack.c | perl:5.18.2-2ubuntu1.1 |
Medium | CVE-2017-12837 | perl-base | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.3 | perl: Heap buffer overflow in regular expression compiler | perl-base:5.18.2-2ubuntu1.1 |
Medium | CVE-2017-12883 | perl-base | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.3 | perl: Buffer over-read in regular expression parser | perl-base:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-12015 | perl-base | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.6 | perl: Directory traversal in Archive::Tar | perl-base:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-18311 | perl-base | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.7 | perl: Integer overflow leading to buffer overflow in Perl_my_setenv() | perl-base:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-18313 | perl-base | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.7 | perl: Heap-based buffer read overflow in S_grok_bslash_N() | perl-base:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-6913 | perl-base | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.4 | perl: heap buffer overflow in pp_pack.c | perl-base:5.18.2-2ubuntu1.1 |
Medium | CVE-2017-12837 | perl-modules | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.3 | perl: Heap buffer overflow in regular expression compiler | perl-modules:5.18.2-2ubuntu1.1 |
Medium | CVE-2017-12883 | perl-modules | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.3 | perl: Buffer over-read in regular expression parser | perl-modules:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-12015 | perl-modules | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.6 | perl: Directory traversal in Archive::Tar | perl-modules:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-18311 | perl-modules | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.7 | perl: Integer overflow leading to buffer overflow in Perl_my_setenv() | perl-modules:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-18313 | perl-modules | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.7 | perl: Heap-based buffer read overflow in S_grok_bslash_N() | perl-modules:5.18.2-2ubuntu1.1 |
Medium | CVE-2018-6913 | perl-modules | 5.18.2-2ubuntu1.1 | 5.18.2-2ubuntu1.4 | perl: heap buffer overflow in pp_pack.c | perl-modules:5.18.2-2ubuntu1.1 |
Medium | CVE-2015-8876 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8876 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5-cli | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5-cli:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8876 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5-common | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5-common:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8876 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5-gd | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5-gd:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-19518 | php5-imap | 5.4.6-0ubuntu5 | 5.4.6-0ubuntu5.1 | php: imap_open() allows running arbitrary shell commands via mailbox parameter | php5-imap:5.4.6-0ubuntu5 |
Medium | CVE-2018-19935 | php5-imap | 5.4.6-0ubuntu5 | 5.4.6-0ubuntu5.1 | php: NULL pointer dereference in ext/imap/php_imap.c resulting in a denial of service | php5-imap:5.4.6-0ubuntu5 |
Medium | CVE-2015-8876 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5-ldap | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5-ldap:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8876 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5-mysql | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5-mysql:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8876 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Zend/zend_exceptions.c does not validate certain Exception objects | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2015-8935 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: HTTP response splitting in header() function | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10160 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-10397 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect handling of URI components in URL parser | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5385 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | PHP: sets environmental variable based on user supplied Proxy request header | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5399 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Improper error handling in bzread() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5768 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double free in _php_mb_regex_ereg_replace_exec | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5769 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-5772 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Double Free Corruption in wddx_deserialize | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6288 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Buffer over-read in php_url_parse_ex | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6289 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Integer overflow leads to buffer overflow in virtual_file_ex | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6290 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in unserialize() with Unexpected Session Deserialization | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6291 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in exif_process_IFD_in_MAKERNOTE | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6292 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Null pointer dereference in exif_process_user_comment | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6294 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Out-of-bounds access in locale_accept_from_http | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6295 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use after free in SNMP with GC and unserialize() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6296 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-6297 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack-based buffer overflow vulnerability in php_stream_zip_opener | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7127 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: imagegammacorrect allows arbitrary write access | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7129 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize allows illegal memory access | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7130 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7131 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference with invalid xml | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7132 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: wddx_deserialize null dereference in php_wddx_pop_element | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7411 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Memory corruption when destructing deserialized object | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7412 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7413 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Use after free in wddx_deserialize | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7414 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7417 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.20 | php: Missing type check when unserializing SplArray | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7478 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Unserialize Exception object can lead to infinite loop | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-7479 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9934 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2016-9935 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Invalid read when wddx decodes empty boolean element | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11143 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect WDDX deserialization of boolean parameters leads to DoS | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11144 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Incorrect return value check of OpenSSL sealing function leads to crash | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11145 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: wddx_deserialize() heap out-of-bound read via php_parse_date() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11147 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Out-of-bounds read in phar_parse_pharfile | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-11628 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Stack based 1-byte buffer over-write in zend_ini_do_op() function Zend/zend_ini_parser.c | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9224 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in match_at() during regular expression searching | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9226 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Heap buffer overflow in next_state_val() during regular expression compilation | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9227 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds stack read in mbc_enc_len() during regular expression searching | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9228 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Out-of-bounds heap write in bitset_set_range() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2017-9229 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | oniguruma: Invalid pointer dereference in left_adjust_char_head() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10545 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Dumpable FPM child processes allow bypassing opcache access controls | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10546 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Infinite loop in ext/iconv/iconv.c when using stream filter with convert.iconv on invalid sequence leads to denial-of-service | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10547 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: Reflected XSS vulnerability on PHAR 403 and 404 error pages | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-10548 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.25 | php: NULL pointer dereference due to mishandling of ldap_get_dn return value allows DoS via malicious LDAP server reply | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-14883 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: exif: integer overflow leading to out-of-bound buffer read in exif_thumbnail_extract() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-17082 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.26 | php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-5712 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.23 | php: Reflected XSS on PHAR 404 page | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-7584 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.24 | php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9020 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Invalid memory access in function xmlrpc_decode() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9021 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in PHAR reading functions | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9022 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: memcpy with negative length via crafted DNS response | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9023 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Heap-based buffer over-read in mbstring regular expression functions | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9024 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.27 | php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9638 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9639 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_MAKERNOTE | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9640 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Invalid read in exif_process_SOFn() | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2019-9641 | php5-readline | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.29 | php: Uninitialized read in exif_process_IFD_in_TIFF | php5-readline:5.5.9+dfsg-1ubuntu4.17 |
Medium | CVE-2018-1122 | procps | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: Local privilege escalation in top | procps:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1123 | procps | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: denial of service in ps via mmap buffer overflow | procps:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1124 | procps | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: Integer overflows leading to heap overflow in file2strvec | procps:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1125 | procps | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: stack buffer overflow in pgrep | procps:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2018-1126 | procps | 1:3.3.9-1ubuntu2.2 | 1:3.3.9-1ubuntu2.3 | procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues | procps:1:3.3.9-1ubuntu2.2 |
Medium | CVE-2016-0772 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: smtplib StartTLS stripping attack | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-1000110 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5636 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: Heap overflow in zipimporter module | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5699 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: http protocol stream injection attack | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2017-1000158 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.4 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-1000802 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Command injection in the shutil module | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-14647 | python2.7 | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Missing salt initialization in _elementtree.c module | python2.7:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-0772 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: smtplib StartTLS stripping attack | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-1000110 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5636 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: Heap overflow in zipimporter module | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-5699 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.3 | python: http protocol stream injection attack | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2017-1000158 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.4 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-1000802 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Command injection in the shutil module | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2018-14647 | python2.7-minimal | 2.7.6-8ubuntu0.2 | 2.7.6-8ubuntu0.5 | python: Missing salt initialization in _elementtree.c module | python2.7-minimal:2.7.6-8ubuntu0.2 |
Medium | CVE-2016-0772 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: smtplib StartTLS stripping attack | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-1000110 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5636 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: Heap overflow in zipimporter module | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5699 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: http protocol stream injection attack | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2017-1000158 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.6 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-1000802 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Command injection in the shutil module | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-14647 | python3.4 | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Missing salt initialization in _elementtree.c module | python3.4:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-0772 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: smtplib StartTLS stripping attack | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-1000110 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | Python CGIHandler: sets environmental variable based on user supplied Proxy request header | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5636 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: Heap overflow in zipimporter module | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2016-5699 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.5 | python: http protocol stream injection attack | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2017-1000158 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.6 | python: Integer overflow in PyString_DecodeEscape results in heap-based buffer overflow | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-1000802 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Command injection in the shutil module | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2018-14647 | python3.4-minimal | 3.4.3-1ubuntu1~14.04.3 | 3.4.3-1ubuntu1~14.04.7 | python: Missing salt initialization in _elementtree.c module | python3.4-minimal:3.4.3-1ubuntu1~14.04.3 |
Medium | CVE-2017-17512 | sensible-utils | 0.0.9 | 0.0.9ubuntu0.14.04.1 | sensible-browser in sensible-utils before 0.0.11 does not validate str ... | sensible-utils:0.0.9 |
Medium | CVE-2017-11610 | supervisor | 3.0b2-1 | 3.0b2-1ubuntu0.1 | supervisor: Command injection via malicious XML-RPC request | supervisor:3.0b2-1 |
Medium | CVE-2016-6321 | tar | 1.27.1-1 | 1.27.1-1ubuntu0.1 | tar: Bypassing the extract path name | tar:1.27.1-1 |
Medium | CVE-2018-1049 | udev | 204-5ubuntu20.19 | 204-5ubuntu20.26 | systemd: automount: access to automounted volumes can lock up | udev:204-5ubuntu20.19 |
Medium | CVE-2019-3842 | udev | 204-5ubuntu20.19 | 204-5ubuntu20.31 | systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" | udev:204-5ubuntu20.19 |
Medium | CVE-2016-1248 | vim-common | 2:7.4.052-1ubuntu3 | 2:7.4.052-1ubuntu3.1 | vim: Lack of validation of values for few options results in code execution | vim-common:2:7.4.052-1ubuntu3 |
Medium | CVE-2016-1248 | vim-tiny | 2:7.4.052-1ubuntu3 | 2:7.4.052-1ubuntu3.1 | vim: Lack of validation of values for few options results in code execution | vim-tiny:2:7.4.052-1ubuntu3 |
Medium | CVE-2017-13089 | wget | 1.15-1ubuntu1.14.04.2 | 1.15-1ubuntu1.14.04.3 | wget: Stack-based buffer overflow in HTTP protocol handling | wget:1.15-1ubuntu1.14.04.2 |
Medium | CVE-2017-13090 | wget | 1.15-1ubuntu1.14.04.2 | 1.15-1ubuntu1.14.04.3 | wget: Heap-based buffer overflow in HTTP protocol handling | wget:1.15-1ubuntu1.14.04.2 |
Medium | CVE-2018-0494 | wget | 1.15-1ubuntu1.14.04.2 | 1.15-1ubuntu1.14.04.4 | wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar | wget:1.15-1ubuntu1.14.04.2 |
Medium | CVE-2019-5953 | wget | 1.15-1ubuntu1.14.04.2 | 1.15-1ubuntu1.14.04.5 | wget: do_conversion() heap-based buffer overflow vulnerability | wget:1.15-1ubuntu1.14.04.2 |
Low | CVE-2016-2161 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: DoS vulnerability in mod_auth_digest | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2016-4975 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2017-15710 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2017-15715 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: <FilesMatch> bypass with a trailing newline in the file name | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2017-7679 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: mod_mime buffer overread | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1283 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1301 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds access after failure in reading the HTTP request | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1303 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1312 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Weak Digest auth nonce generation in mod_auth_digest | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2018-17199 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: mod_session_cookie does not respect expiry time | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2019-0220 | apache2 | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: URL normalization inconsistency | apache2:2.4.7-1ubuntu4.9 |
Low | CVE-2016-2161 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: DoS vulnerability in mod_auth_digest | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2016-4975 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2017-15710 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2017-15715 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: <FilesMatch> bypass with a trailing newline in the file name | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2017-7679 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: mod_mime buffer overread | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1283 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1301 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds access after failure in reading the HTTP request | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1303 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1312 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Weak Digest auth nonce generation in mod_auth_digest | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2018-17199 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: mod_session_cookie does not respect expiry time | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2019-0220 | apache2-bin | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: URL normalization inconsistency | apache2-bin:2.4.7-1ubuntu4.9 |
Low | CVE-2016-2161 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: DoS vulnerability in mod_auth_digest | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2016-4975 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.14 | httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2017-15710 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2017-15715 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: <FilesMatch> bypass with a trailing newline in the file name | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2017-7679 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.16 | httpd: mod_mime buffer overread | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1283 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1301 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds access after failure in reading the HTTP request | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1303 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2018-1312 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.20 | httpd: Weak Digest auth nonce generation in mod_auth_digest | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2018-17199 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: mod_session_cookie does not respect expiry time | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2019-0220 | apache2-data | 2.4.7-1ubuntu4.9 | 2.4.7-1ubuntu4.22 | httpd: URL normalization inconsistency | apache2-data:2.4.7-1ubuntu4.9 |
Low | CVE-2016-0634 | bash | 4.3-7ubuntu1.5 | 4.3-7ubuntu1.7 | bash: Arbitrary code execution via malicious hostname | bash:4.3-7ubuntu1.5 |
Low | CVE-2016-9401 | bash | 4.3-7ubuntu1.5 | 4.3-7ubuntu1.7 | bash: popd controlled free | bash:4.3-7ubuntu1.5 |
Low | CVE-2011-5325 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: Path traversal via crafted tar file containing symlink | busybox-initramfs:1:1.21.0-1ubuntu1 |
Low | CVE-2014-9645 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: unprivileged arbitrary module load via basename abuse | busybox-initramfs:1:1.21.0-1ubuntu1 |
Low | CVE-2016-2147 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: out of bounds write (heap) due to integer underflow in udhcpc | busybox-initramfs:1:1.21.0-1ubuntu1 |
Low | CVE-2016-2148 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: heap-based buffer overflow in OPTION_6RD parsing | busybox-initramfs:1:1.21.0-1ubuntu1 |
Low | CVE-2017-15873 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: Integer overflow in the get_next_block function | busybox-initramfs:1:1.21.0-1ubuntu1 |
Low | CVE-2018-20679 | busybox-initramfs | 1:1.21.0-1ubuntu1 | 1:1.21.0-1ubuntu1.4 | busybox: Out of bounds read in udhcp components resulting in information disclosure | busybox-initramfs:1:1.21.0-1ubuntu1 |
Low | CVE-2014-9620 | file | 1:5.14-2ubuntu3.3 | 1:5.14-2ubuntu3.4 | file: limit the number of ELF notes processed | file:1:5.14-2ubuntu3.3 |
Low | CVE-2014-9621 | file | 1:5.14-2ubuntu3.3 | 1:5.14-2ubuntu3.4 | file: limit string printing to 100 chars | file:1:5.14-2ubuntu3.3 |
Low | CVE-2014-9653 | file | 1:5.14-2ubuntu3.3 | 1:5.14-2ubuntu3.4 | file: malformed elf file causes access to uninitialized memory | file:1:5.14-2ubuntu3.3 |
Low | CVE-2015-8865 | file | 1:5.14-2ubuntu3.3 | 1:5.14-2ubuntu3.4 | file: Buffer over-write in finfo_open with malformed magic file | file:1:5.14-2ubuntu3.3 |
Low | CVE-2018-10360 | file | 1:5.14-2ubuntu3.3 | 1:5.14-2ubuntu3.4 | file: out-of-bounds read via a crafted ELF file | file:1:5.14-2ubuntu3.3 |
Low | CVE-2016-2774 | isc-dhcp-client | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS | isc-dhcp-client:4.2.4-7ubuntu12.4 |
Low | CVE-2017-3144 | isc-dhcp-client | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service | isc-dhcp-client:4.2.4-7ubuntu12.4 |
Low | CVE-2016-2774 | isc-dhcp-common | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS | isc-dhcp-common:4.2.4-7ubuntu12.4 |
Low | CVE-2017-3144 | isc-dhcp-common | 4.2.4-7ubuntu12.4 | 4.2.4-7ubuntu12.12 | dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service | isc-dhcp-common:4.2.4-7ubuntu12.4 |
Low | CVE-2017-11462 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: Automatic sec context deletion could lead to double-free | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Low | CVE-2018-5729 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: null dereference in kadmind or DN container check bypass by supplying specially crafted data | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Low | CVE-2018-5730 | krb5-locales | 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.4 | krb5: DN container check bypass by supplying specially crafted data | krb5-locales:1.12+dfsg-2ubuntu5.2 |
Low | CVE-2014-9912 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: stack buffer overflow in locale_get_display_name | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Low | CVE-2015-4116 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Use-after-free vulnerability in the spl_ptr_heap_insert function | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Low | CVE-2015-8873 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.19 | php: Stack consumption vulnerability in Zend/zend_exceptions.c | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Low | CVE-2015-8994 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.22 | php: Zend OPCache code permission/sensitive data protection issues | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Low | CVE-2016-10158 | libapache2-mod-php5 | 5.5.9+dfsg-1ubuntu4.17 | 5.5.9+dfsg-1ubuntu4.21 | php: Wrong calculation in exif_convert_any_to_int function | libapache2-mod-php5:5.5.9+dfsg-1ubuntu4.17 |
Command
ADD file:aca501360d0937bc49db603ee7e5b4f28865957690eb86cef8d769fdcec5c027 in /
Vulnerable packages, installed in this layer 7 years ago
Command
RUN set -xe &&
echo '#!/bin/sh' > /usr/sbin/policy-rc.d &&
echo 'exit 101' >> /usr/sbin/policy-rc.d &&
chmod +x /usr/sbin/policy-rc.d &&
dpkg-divert --local --rename --add /sbin/initctl &&
cp -a /usr/sbin/policy-rc.d /sbin/initctl &&
sed -i 's/^exit.*/exit 0/' /sbin/initctl &&
echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup &&
echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean &&
echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean &&
echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean &&
echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages &&
echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes
Command
RUN rm -rf /var/lib/apt/lists/*
Command
RUN sed -i 's/^#\s*\(deb.*universe\)$/\1/g' /etc/apt/sources.list
Command
CMD ["/bin/bash"]
Command
MAINTAINER Carlos Motta <motta.carlos08@gmail.com>
Command
RUN apt-get update &&
apt-get install apache2 php5 php5-ldap php5-imap php5-gd php5-mysql wget supervisor -y
Vulnerable packages, installed in this layer 7 years ago
Command
RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/log/supervisor
Command
COPY file:dcf9cb69f3383b40b97283558cba178e72123564a720586467f9a66525d67e62 in /etc/supervisor/conf.d/supervisord.conf
Command
EXPOSE 443/tcp 80/tcp
Command
CMD ["/usr/bin/supervisord"]
Command
MAINTAINER Carlos Motta <motta.carlos08@gmail.com>
Command
RUN apt-get update &&
apt-get install apache2 php5 php5-ldap php5-imap php5-gd php5-mysql wget supervisor -y
Vulnerable package, installed in this layer 7 years ago
Command
RUN mkdir -p /var/lock/apache2 /var/run/apache2 /var/log/supervisor
Command
RUN /usr/sbin/php5enmod imap &&
/usr/sbin/a2enmod ssl &&
/usr/sbin/a2ensite default-ssl
Command
COPY file:21d68f74ed8b726ca444fa821b008211f48a92ad6de4259edb89b50a17bd4329 in /etc/supervisor/conf.d/supervisord.conf
Command
EXPOSE 443/tcp 80/tcp
Command
CMD ["/usr/bin/supervisord"]
Dynamic Analysis Results
The following graph outlines the most important system events generated by the container:
The container made the following DNS requests:
Request | Response |
---|---|
A → www.w3.org | A → 128.30.52.100 |
AAAA → www.w3.org | SOA → ns1.w3.org |
The container attempts to connect to the following remote hosts:
IP address | Domain | Location | Coordinates | ASN organization |
---|---|---|---|---|
128.30.52.100 | www.w3.org | United States | 37.751, -97.822 | MIT-GATEWAYS |
The container starts a service that renders the following contents over port 80:
The container produces the following text output: