Search CVE reports

41 – 50 of 64 results

Detailed view

Sort by:

CVE-2021-21703

High priority

Fixed

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21706

Negligible priority

Not affected

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.4	—	Not in release	Not affected	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21705

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21704

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(),...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21702

Low priority

Fixed

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2020-7071

Low priority

Fixed

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2020-7070

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with...

4 affected packages

php5, php7.0, php7.2, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Fixed
php7.2	—	—	Not in release	Fixed	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

CVE-2020-7069

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both...

4 affected packages

php5, php7.0, php7.2, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Not affected
php7.2	—	—	Not in release	Fixed	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

CVE-2020-7068

Low priority

Fixed

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2019-11048

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage,...

5 affected packages

php5, php7.0, php7.2, php7.3, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Fixed
php7.2	—	—	Not in release	Fixed	Not in release
php7.3	—	—	Not in release	Not in release	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

Export to JSON

Results by page: