Search CVE reports
1 – 10 of 24 results
CVE-2025-1861
Medium priority. Some fixes available: 4 of 7
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
php8.4 | Not in release | Not in release | Not in release | — | — |
CVE-2025-1736
Medium priority. Some fixes available: 4 of 7
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
php8.4 | Not in release | Not in release | Not in release | — | — |
CVE-2025-1734
Medium priority. Some fixes available: 4 of 7
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, the headers missing a colon (:) are treated as valid headers even though they...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
php8.4 | Not in release | Not in release | Not in release | — | — |
CVE-2025-1219
Medium priority. Some fixes available: 4 of 7
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
php8.4 | Not in release | Not in release | Not in release | — | — |
CVE-2025-1217
Medium priority. Some fixes available: 4 of 7
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when the HTTP request module parses an HTTP response obtained from a server, folded headers are parsed incorrectly, which may...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
php8.4 | Not in release | Not in release | Not in release | — | — |
CVE-2024-11235
Medium priority. Some fixes available: 4 of 7
Exception handler frees variables via cleanup_live_vars for termination. However, the subsequent php_request_shutdown performs reference counting on these variables using zend_gc_refcount(read) and zend_gc_delref(write), resulting...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Needs evaluation |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
php8.4 | Not in release | Not in release | Not in release | — | — |
CVE-2024-11233
Medium priority. Some fixes available: 5 of 7
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
CVE-2024-11236
Medium priority. Some fixes available: 6 of 7
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Fixed | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
CVE-2024-11234
Medium priority. Some fixes available: 5 of 7
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |
CVE-2024-8929
Medium priority. Some fixes available: 5 of 7
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other...
6 affected packages
php5, php7.0, php7.2, php7.4, php8.1, php8.3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
php5 | Not in release | Not in release | Not in release | — | — |
php7.0 | Not in release | Not in release | Not in release | — | Fixed |
php7.2 | Not in release | Not in release | Not in release | Needs evaluation | — |
php7.4 | Not in release | Not in release | Fixed | — | — |
php8.1 | Not in release | Fixed | Not in release | — | — |
php8.3 | Fixed | Not in release | Not in release | — | — |