Search CVE reports
31 – 40 of 42 results
CVE-2021-21706
Negligible priorityIn PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Not affected |
| php7.2 | — | Not in release | Not in release | Not affected | Not in release |
| php7.4 | — | Not in release | Not affected | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21705
Medium priorityIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21704
Medium priorityIn PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(),...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2021-21702
Low priorityIn PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2020-7071
Low priorityIn PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2020-7068
Low priorityIn PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Fixed |
| php7.2 | — | Not in release | Not in release | Fixed | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.0 | — | Not in release | Not in release | Not in release | Not in release |
| php8.1 | — | Not affected | Not in release | Not in release | Not in release |
CVE-2017-7189
Low prioritymain/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This...
7 affected packages
php5, php7.0, php7.2, php7.3, php7.4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| php7.2 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| php7.3 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.4 | Not in release | Not in release | Vulnerable | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Vulnerable | Not in release | Not in release | Not in release |
CVE-2017-9120
Medium prioritySome fixes available 4 of 7
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |
CVE-2017-9118
Medium prioritySome fixes available 7 of 10
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
CVE-2017-9119
Low prioritySome fixes available 3 of 8
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.0, php8.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php7.0 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | Not in release |
| php7.4 | Not in release | Not in release | Fixed | Not in release | Not in release |
| php8.0 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.1 | Not in release | Not affected | Not in release | Not in release | Not in release |