Search CVE reports


Toggle filters

1 – 10 of 12 results


CVE-2024-5458

Medium priority

Some fixes available 7 of 8

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.2 Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-4577

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-2408

Medium priority
Ignored

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-5585

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax,...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-2757

Medium priority
Fixed

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-1874

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-3096

Medium priority

Some fixes available 7 of 8

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-2756

Medium priority

Some fixes available 7 of 8

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure-...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2022-4900

Low priority

Some fixes available 2 of 3

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not affected Not in release
php7.4 Not in release Fixed Not in release Not in release
php8.1 Not in release Fixed Not in release Not in release Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2023-3824

Medium priority

Some fixes available 5 of 6

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed Not in release
php7.4 Not in release Not in release Fixed Not in release Not in release
php8.1 Not in release Fixed Not in release Not in release Not in release
php8.2 Not in release Not in release Not in release Ignored Ignored
Show less packages