Search CVE reports

41 – 50 of 119 results

Detailed view

Sort by:

CVE-2021-21703

High priority

Fixed

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21706

Negligible priority

Not affected

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.4	—	Not in release	Not affected	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-40812

Low priority

Some fixes available 4 of 10

The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	Not affected	Fixed	Fixed	Fixed	Fixed
php5	Not in release	Not in release	Not in release	Not in release	Not in release
php7.0	Not in release	Not in release	Not in release	Not in release	Not affected
php7.2	Not in release	Not in release	Not in release	Not affected	Not in release
php7.3	Not in release	Not in release	Not in release	Not in release	Not in release

CVE-2021-40145

Medium priority

Fixed

** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as...

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	—	Fixed	Fixed	Fixed	Fixed
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.3	—	Not in release	Not in release	Not in release	Not in release

CVE-2021-38115

Low priority

Fixed

read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.

5 affected packages

libgd2, php5, php7.0, php7.2, php7.3

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libgd2	—	Fixed	Fixed	Fixed	Fixed
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Not affected
php7.2	—	Not in release	Not in release	Not affected	Not in release
php7.3	—	Not in release	Not in release	Not in release	Not in release

CVE-2021-21705

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21704

Medium priority

Fixed

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(),...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2021-21702

Low priority

Fixed

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2020-7071

Low priority

Fixed

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.0, php8.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	Not in release	Not in release	Not in release	Not in release
php7.0	—	Not in release	Not in release	Not in release	Fixed
php7.2	—	Not in release	Not in release	Fixed	Not in release
php7.4	—	Not in release	Fixed	Not in release	Not in release
php8.0	—	Not in release	Not in release	Not in release	Not in release
php8.1	—	Not affected	Not in release	Not in release	Not in release

CVE-2020-7070

Medium priority

Fixed

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with...

4 affected packages

php5, php7.0, php7.2, php7.4

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
php5	—	—	Not in release	Not in release	Not in release
php7.0	—	—	Not in release	Not in release	Fixed
php7.2	—	—	Not in release	Fixed	Not in release
php7.4	—	—	Fixed	Not in release	Not in release

Export to JSON

Results by page: