Search CVE reports
1 – 10 of 47 results
CVE-2024-11233
Medium priorityIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Needs evaluation | — | — |
php8.1 | Not in release | Needs evaluation | Not in release | — | — |
php8.3 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-11236
Medium priorityIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Needs evaluation | — | — |
php8.1 | Not in release | Needs evaluation | Not in release | — | — |
php8.3 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-11234
Medium priorityIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Needs evaluation | — | — |
php8.1 | Not in release | Needs evaluation | Not in release | — | — |
php8.3 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-8929
Medium priorityIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Needs evaluation | — | — |
php8.1 | Not in release | Needs evaluation | Not in release | — | — |
php8.3 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-8932
Medium priorityIn PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Needs evaluation | — | — |
php8.1 | Not in release | Needs evaluation | Not in release | — | — |
php8.3 | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-8926
Medium priorityIn PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | — |
php7.4 | Not in release | Not in release | Not affected | — | — |
php8.1 | Not in release | Not affected | Not in release | — | — |
php8.3 | Not affected | Not in release | Not in release | — | — |
CVE-2024-9026
Medium priorityIn PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | — |
php7.4 | Not in release | Not in release | Not affected | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
CVE-2024-8927
Medium prioritySome fixes available 6 of 7
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
CVE-2024-8925
Medium prioritySome fixes available 6 of 7
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
CVE-2024-5458
Medium prioritySome fixes available 7 of 8
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.2 | Not in release | Not in release | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |