Search CVE reports

1 – 10 of 18 results

Detailed view

Sort by:

CVE-2022-31627

Medium priority

Fixed

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.4	—	Not in release	Not affected	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Fixed	Not in release	Not in release	Not in release

CVE-2022-31626

Medium priority

Some fixes available 7 of 8

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Fixed	Not in release	Not in release	Not in release

CVE-2022-31625

Medium priority

Some fixes available 7 of 8

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Fixed	Not in release	Not in release	Not in release

CVE-2021-21708

Medium priority

Fixed

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Fixed	Not in release	Not in release	Not in release

CVE-2021-21707

Low priority

Some fixes available 4 of 6

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character,...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Fixed
php7.2	Not in release	Not in release	Not in release	Fixed	Not in release
php7.4	Not in release	Not in release	Fixed	Not in release	Not in release
php8.0	Not in release	Not in release	Not in release	Not in release	Not in release
php8.1	Not in release	Not affected	Not in release	Not in release	Not in release

CVE-2021-21703

High priority

Fixed

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21706

Negligible priority

Not affected

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.4	—	Not in release	Not affected	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21705

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21704

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(),...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21702

Low priority

Fixed

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

Export to JSON

Results by page: