Search CVE reports
1 – 10 of 669 results
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass a signed char to ctype functions (such as isxdigit()). On systems with default...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, the DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, improper sanitization of user data allows an attacker to compose a URL that will cause the target to execute arbitrary...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | — |
| php7.2 | Not in release | Not in release | Not in release | — | Needs evaluation |
| php7.4 | Not in release | Not in release | Not in release | Needs evaluation | — |
| php8.1 | Not in release | Not in release | Needs evaluation | — | — |
| php8.3 | Not in release | Needs evaluation | Not in release | — | — |
| php8.4 | Not in release | Not in release | Not in release | — | — |