Search CVE reports

Toggle filters

41 – 50 of 650 results

CVE-2021-21703

High priority
Fixed

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.4 Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release
Show less packages

CVE-2021-21706

Negligible priority
Not affected

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Not affected
php7.4 Not in release Not affected Not in release
php8.0 Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release
Show less packages

CVE-2021-40812

Low priority

Some fixes available 4 of 10

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Not affected Fixed Fixed Fixed
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release
php7.2 Not in release Not in release Not in release Not affected
php7.3 Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-40145

Medium priority
Fixed

** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Not affected
php7.3 Not in release Not in release Not in release
Show less packages

CVE-2021-38115

Low priority
Fixed

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
libgd2 Fixed Fixed Fixed
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Not affected
php7.3 Not in release Not in release Not in release
Show less packages

CVE-2021-21705

Medium priority
Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.4 Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release
Show less packages

CVE-2021-21704

Medium priority
Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(),...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.4 Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release
Show less packages

CVE-2021-21702

Low priority
Fixed

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.4 Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release
Show less packages

CVE-2020-7071

Low priority
Fixed

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release
php7.2 Not in release Not in release Fixed
php7.4 Not in release Fixed Not in release
php8.0 Not in release Not in release Not in release
php8.1 Not affected Not in release Not in release
Show less packages

CVE-2020-7070

Medium priority
Fixed

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with...

4 affected packages

php5, php7.0, php7.2, php7.4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
php5 Not in release Not in release
php7.0 Not in release Not in release
php7.2 Not in release Fixed
php7.4 Fixed Not in release
Show less packages
  1. Previous page
  2. 3
  3. 4
  4. 5
  5. 6
  6. 7
  7. Next page
Export to JSON