Search CVE reports
91 – 100 of 39983 results
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 20.04 LTS |
|---|---|
| php5 | — |
| php7.0 | — |
| php7.2 | — |
| php7.4 | Needs evaluation |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based...
1 affected package
gdal
| Package | 20.04 LTS |
|---|---|
| gdal | Needs evaluation |