Search CVE reports
31 – 40 of 248 results
CVE-2022-31626
Medium prioritySome fixes available 7 of 8
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
CVE-2022-31625
Medium prioritySome fixes available 7 of 8
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
CVE-2021-21708
Medium priorityIn PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Not affected |
php7.2 | — | Not in release | Not in release | Not affected | Not in release |
php7.4 | — | Not in release | Fixed | Not in release | Not in release |
php8.0 | — | Not in release | Not in release | Not in release | Not in release |
php8.1 | — | Fixed | Not in release | Not in release | Not in release |
CVE-2021-21707
Low prioritySome fixes available 4 of 6
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character,...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21703
High priorityIn PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Fixed |
php7.2 | — | Not in release | Not in release | Fixed | Not in release |
php7.4 | — | Not in release | Fixed | Not in release | Not in release |
php8.0 | — | Not in release | Not in release | Not in release | Not in release |
php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21706
Negligible priorityIn PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Not affected |
php7.2 | — | Not in release | Not in release | Not affected | Not in release |
php7.4 | — | Not in release | Not affected | Not in release | Not in release |
php8.0 | — | Not in release | Not in release | Not in release | Not in release |
php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-40812
Low prioritySome fixes available 4 of 10
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | Not affected | Fixed | Fixed | Fixed | Fixed |
php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
php7.0 | Not in release | Not in release | Not in release | Not in release | Not affected |
php7.2 | Not in release | Not in release | Not in release | Not affected | Not in release |
php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2021-40145
Medium priority** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as...
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | Fixed | Fixed | Fixed | Fixed |
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Not affected |
php7.2 | — | Not in release | Not in release | Not affected | Not in release |
php7.3 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2021-38115
Low priorityread_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
5 affected packages
libgd2, php5, php7.0, php7.2, php7.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libgd2 | — | Fixed | Fixed | Fixed | Fixed |
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Not affected |
php7.2 | — | Not in release | Not in release | Not affected | Not in release |
php7.3 | — | Not in release | Not in release | Not in release | Not in release |
CVE-2021-21705
Medium priorityIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | — | Not in release | Not in release | Not in release | Not in release |
php7.0 | — | Not in release | Not in release | Not in release | Fixed |
php7.2 | — | Not in release | Not in release | Fixed | Not in release |
php7.4 | — | Not in release | Fixed | Not in release | Not in release |
php8.0 | — | Not in release | Not in release | Not in release | Not in release |
php8.1 | — | Not affected | Not in release | Not in release | Not in release |