Search CVE reports


Toggle filters

1 – 10 of 47 results


CVE-2024-11233

Medium priority
Needs evaluation

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Needs evaluation
php8.1 Not in release Needs evaluation Not in release
php8.3 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-11236

Medium priority
Needs evaluation

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Needs evaluation
php8.1 Not in release Needs evaluation Not in release
php8.3 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-11234

Medium priority
Needs evaluation

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Needs evaluation
php8.1 Not in release Needs evaluation Not in release
php8.3 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-8929

Medium priority
Needs evaluation

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Needs evaluation
php8.1 Not in release Needs evaluation Not in release
php8.3 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-8932

Medium priority
Needs evaluation

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Needs evaluation
php8.1 Not in release Needs evaluation Not in release
php8.3 Needs evaluation Not in release Not in release
Show less packages

CVE-2024-8926

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.3 Not affected Not in release Not in release
Show less packages

CVE-2024-9026

Medium priority
Fixed

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Fixed Not in release
php8.3 Fixed Not in release Not in release
Show less packages

CVE-2024-8927

Medium priority

Some fixes available 6 of 7

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.3 Fixed Not in release Not in release
Show less packages

CVE-2024-8925

Medium priority

Some fixes available 6 of 7

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.3 Fixed Not in release Not in release
Show less packages

CVE-2024-5458

Medium priority

Some fixes available 7 of 8

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.2 Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release
Show all 7 packages Show less packages