Lucene search
UbuntuUSN-2126-1HistoryMar 03, 2014 - 12:00 a.m.
PHP vulnerabilities
2014-03-0300:00:00
ubuntu.com
60
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
10
Confidence
High
EPSS
0.048
Percentile
92.9%
Releases
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- php5 - HTML-embedded scripting language interpreter
Details
Bernd Melchers discovered that PHP’s embedded libmagic library incorrectly
handled indirect offset values. An attacker could use this issue to cause
PHP to consume resources or crash, resulting in a denial of service.
(CVE-2014-1943)
It was discovered that PHP incorrectly handled certain values when using
the imagecrop function. An attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service, obtain sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 13.10. (CVE-2013-7226, CVE-2013-7327, CVE-2013-7328, CVE-2014-2020)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 13.10 | noarch | php5-cli | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libapache2-mod-php5 | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libapache2-mod-php5filter | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | libphp5-embed | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | php5-cgi | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | php5-common | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | php5-curl | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | php5-dbg | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | php5-dev | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
| Ubuntu | 13.10 | noarch | php5-enchant | < 5.5.3+dfsg-1ubuntu2.2 | UNKNOWN |
Related
securityvulns
securityvulns
USN-2126-1] PHP vulnerabilities
2014-03-13 00:00:00
PHP multiple security vulnerabilities
2014-03-18 00:00:00
[ MDVSA-2014:059 ] php
2014-03-18 00:00:00
nessus
nessus
PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities
2014-02-14 00:00:00
PHP 5.5.x < 5.5.9 GD Extension Multiple Vulnerabilities
2014-02-14 00:00:00
openvas
openvas
Ubuntu Update for php5 USN-2126-1
2014-03-04 00:00:00
Ubuntu: Security Advisory (USN-2126-1)
2014-03-04 00:00:00
PHP Multiple Vulnerabilities - 01 (May 2014)
2014-05-09 00:00:00
f5
f5
SOL15653 - Multiple PHP vulnerabilities
2014-10-02 00:00:00
K15653 : Multiple PHP vulnerabilities
2014-10-02 00:00:00
SOL15648 - PHP vulnerability CVE-2014-2020
2014-10-02 00:00:00
amazon
amazon
cvelist
cvelist
prion
prion
Integer overflow
2014-02-18 11:55:00
Null pointer dereference
2014-02-18 11:55:00
Design/Logic Flaw
2014-02-18 11:55:00
ubuntucve
ubuntucve
nvd
nvd
cve
cve
seebug
seebug
PHP 'ext/gd/gd.c'信息泄漏漏洞
2014-02-20 00:00:00
PHP 'ext/gd/gd.c' gdImageCrop整数符号错误漏洞
2014-02-20 00:00:00
PHP 'ext/gd/gd.c' gdImageCrop空指针返回拒绝服务漏洞
2014-02-20 00:00:00
hackerone
hackerone
Internet Bug Bounty: PHP Heap Overflow Vulnerability in imagecrop()
2013-12-27 02:57:00
debian
debian
[SECURITY] [DSA 2861-1] file security update
2014-02-16 14:09:45
[SECURITY] [DSA 2861-1] file security update
2014-02-16 14:09:45
[SECURITY] [DSA 2868-1] php5 security update
2014-03-02 19:18:49
checkpoint_advisories
checkpoint_advisories
PHP Fileinfo Call Stack Exhaustion Denial of Service (CVE-2014-1943)
2014-05-18 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:17
Denial Of Service (DoS)
2019-05-02 05:04:16
Denial Of Service (DoS)
2019-05-02 05:04:17
freebsd
freebsd
file -- denial of service
2014-02-16 00:00:00
FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3)
2014-06-24 00:00:00
slackware
slackware
[slackware-security] php
2014-03-16 03:31:21
fedora
fedora
[SECURITY] Fedora 19 Update: file-5.11-12.fc19
2014-03-04 06:44:00
[SECURITY] Fedora 20 Update: file-5.14-15.fc20
2014-02-23 08:38:00
[SECURITY] Fedora 19 Update: file-5.11-13.fc19
2014-03-27 04:47:52
mageia
mageia
Updated file package fixes security vulnerability
2014-02-22 23:10:59
Updated php packages fix security vulnerabilities
2014-04-04 21:33:24
Updated php packages fix security vulnerabilities
2014-04-04 16:08:18
osv
osv
php5 - denial of service
2014-03-02 00:00:00
file - denial of service
2014-02-16 00:00:00
gentoo
gentoo
file: Denial of service
2014-03-13 00:00:00
PHP: Multiple vulnerabilities
2014-08-29 00:00:00
debiancve
debiancve
CVE-2014-1943
2014-02-18 19:55:04
ubuntu
ubuntu
file vulnerabilities
2014-02-26 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-14:16.file
2014-06-24 00:00:00
centos
centos
file, python security update
2014-10-20 18:08:44
php, php53 security update
2014-08-06 14:53:37
oraclelinux
oraclelinux
file security and bug fix update
2014-10-15 00:00:00
php53 and php security update
2014-08-06 00:00:00
redhat
redhat
(RHSA-2014:1606) Moderate: file security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1012) Moderate: php53 and php security update
2014-08-06 00:00:00
(RHSA-2014:1765) Important: php54-php security update
2014-10-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
10
Confidence
High
EPSS
0.048
Percentile
92.9%
Related for USN-2126-1