Search CVE reports
31 – 40 of 47 results
CVE-2022-31626
Medium prioritySome fixes available 7 of 8
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
CVE-2022-31625
Medium prioritySome fixes available 7 of 8
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
CVE-2021-21708
Medium priorityIn PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Not affected |
| php7.2 | — | Not in release | Not in release | Not affected | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Fixed | Not in release | Not in release | Not in release |
CVE-2021-21707
Low prioritySome fixes available 4 of 6
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character,...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21703
High priorityIn PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21706
Negligible priorityIn PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Not affected |
| php7.2 | — | Not in release | Not in release | Not affected | Not in release |
| php7.4 | — | Not in release | Not affected | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21705
Medium priorityIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21704
Medium priorityIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(),...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21702
Low priorityIn PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2020-7071
Low priorityIn PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |