php

Description: A general-purpose scripting language that is especially suited to web development
Version: 8.3.15-1 [extra]

Resolved

Group     Affected  Fixed     Severity  Status        Ticket
AVG-2768  8.1.6-2   8.1.7-1   Unknown   Fixed
AVG-2695  8.1.3-1   8.1.4-1   Critical  Not affected
AVG-2566  8.0.12-2  8.0.13-1  Low       Fixed
AVG-2486  8.0.11-2  8.0.12-1  Medium    Fixed
AVG-2420  8.0.10-1  8.0.11-1  Medium    Not affected
AVG-2132  8.0.7-1   8.0.8-1   Medium    Fixed
AVG-1531  8.0.1-1   8.0.2-1   Medium    Fixed
AVG-1415  7.4.13-2  7.4.14-1  Medium    Fixed         FS#69242
AVG-1052  7.3.10-1  7.3.11-1  Critical  Fixed
AVG-152   7.0.9-1   7.0.10-1  High      Fixed
AVG-105   7.0.13-1  7.1.1-0   High      Fixed
AVG-58    7.0.12-2  7.0.13-1  High      Fixed

Issue           Group     Severity  Remote   Type
    Description
CVE-2022-31626  AVG-2768  Unknown   Unknown  Unknown
    Unknown
CVE-2022-31625  AVG-2768  Unknown   Unknown  Unknown
    Unknown
CVE-2021-21708  AVG-2695  Critical  Yes      Arbitrary file upload
    A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability. This flaw...
CVE-2021-21707  AVG-2566  Low       Yes      Insufficient validation
    A security issue has been found in PHP before versions 8.0.13 and 7.4.26 where libxml-based XML functions accepting a filename actually accept URIs with...
CVE-2021-21706  AVG-2420  Medium    Yes      Directory traversal
    A security issue has been found in PHP on Windows before versions 8.0.11 and 7.4.24. It is possible to construct ZIP archives containing files which are...
CVE-2021-21705  AVG-2132  Medium    Yes      Insufficient validation
    A security issue was found in the php_url_parse_ex() function in PHP before versions 8.0.8 and 7.4.21, which leads to FILTER_VALIDATE_URL accepting URLs...
CVE-2021-21704  AVG-2132  Medium    Yes      Denial of service
    Multiple bugs in the pdo_firebase module allow a malicious firebase server or man-in-the-middle attacker to crash PHP before versions 8.0.8 and 7.4.21.
CVE-2021-21703  AVG-2486  Medium    No       Privilege escalation
    A security issue was found in PHP before versions 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary...
CVE-2021-21702  AVG-1531  Medium    Yes      Denial of service
    A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV via null-pointer dereference whenever an XML is...
CVE-2020-7071   AVG-1415  Medium    No       Insufficient validation
    A security issue was found in the php_url_parse_ex() function in PHP, which leads to FILTER_VALIDATE_URL accepting URLs with invalid userinfo. It is fixed...
CVE-2019-11043  AVG-1052  Critical  Yes      Arbitrary code execution
    A buffer underflow issue has been found in the php-fpm component of php before 7.3.11, 7.2.24 and 7.1.33, leading to remote code execution in certain nginx...
CVE-2017-5340   AVG-105   High      Yes      Arbitrary code execution
    It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized...
CVE-2016-9936   AVG-105   High      Yes      Arbitrary code execution
    The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or...
CVE-2016-9935   AVG-105   Medium    Yes      Denial of service
    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service...
CVE-2016-9934   AVG-58    Medium    Yes      Denial of service
    It has been discovered that ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2016-9933   AVG-58    Medium    Yes      Denial of service
    A stack consumption vulnerability has been discovered in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used...
CVE-2016-9138   AVG-58    High      Yes      Arbitrary code execution
    PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to...
CVE-2016-8670   AVG-58    High      Yes      Arbitrary code execution
    A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of...
CVE-2016-7568   AVG-58    High      Yes      Arbitrary code execution
    An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the...
CVE-2016-7478   AVG-58    Medium    Yes      Denial of service
    Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a...
CVE-2016-7125   AVG-152   High      Yes      Access restriction bypass
    It has been discovered that ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect...
CVE-2016-6911   AVG-58    Medium    Yes      Denial of service
    A vulnerability was found in gd as used in php. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted...

Advisories

Date         Advisory       Group     Severity  Type
06 Jul 2021  ASA-202107-15  AVG-2132  Medium    multiple issues
07 Feb 2021  ASA-202102-15  AVG-1531  Medium    denial of service
12 Jan 2021  ASA-202101-9   AVG-1415  Medium    insufficient validation
25 Oct 2019  ASA-201910-14  AVG-1052  Critical  arbitrary code execution
19 Jan 2017  ASA-201701-28  AVG-105   High      multiple issues
18 Nov 2016  ASA-201611-19  AVG-58    High      multiple issues