php

Description: A general-purpose scripting language that is especially suited to web development
Version: 8.0.6-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1531 | 8.0.1-1 | 8.0.2-1 | Medium | Fixed | |
| AVG-1415 | 7.4.13-2 | 7.4.14-1 | Medium | Fixed | FS#69242 |
| AVG-1052 | 7.3.10-1 | 7.3.11-1 | Critical | Fixed | |
| AVG-152 | 7.0.9-1 | 7.0.10-1 | High | Fixed | |
| AVG-105 | 7.0.13-1 | 7.1.1-0 | High | Fixed | |
| AVG-58 | 7.0.12-2 | 7.0.13-1 | High | Fixed | |


| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-21702 | AVG-1531 | Medium | Yes | Denial of service | A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV via null-pointer dereference whenever an XML is... |
| CVE-2020-7071 | AVG-1415 | Medium | No | Insufficient validation | A security issue was found in the php_url_parse_ex() function in PHP, which leads to FILTER_VALIDATE_URL accepting URLs with invalid userinfo. It is fixed... |
| CVE-2019-11043 | AVG-1052 | Critical | Yes | Arbitrary code execution | A buffer underflow issue has been found in the php-fpm component of php before 7.3.11, 7.2.24 and 7.1.33, leading to remote code execution in certain nginx... |
| CVE-2017-5340 | AVG-105 | High | Yes | Arbitrary code execution | It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized... |
| CVE-2016-9936 | AVG-105 | High | Yes | Arbitrary code execution | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or... |
| CVE-2016-9935 | AVG-105 | Medium | Yes | Denial of service | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service... |
| CVE-2016-9934 | AVG-58 | Medium | Yes | Denial of service | It has been discovered that ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer... |
| CVE-2016-9933 | AVG-58 | Medium | Yes | Denial of service | Stack consumption vulnerability has been discovered in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used... |
| CVE-2016-9138 | AVG-58 | High | Yes | Arbitrary code execution | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to... |
| CVE-2016-8670 | AVG-58 | High | Yes | Arbitrary code execution | A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of... |
| CVE-2016-7568 | AVG-58 | High | Yes | Arbitrary code execution | An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the... |
| CVE-2016-7478 | AVG-58 | Medium | Yes | Denial of service | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a... |
| CVE-2016-7125 | AVG-152 | High | Yes | Access restriction bypass | It has been discovered that ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect... |
| CVE-2016-6911 | AVG-58 | Medium | Yes | Denial of service | A vulnerability was found in gd as used in php. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 07 Feb 2021 | ASA-202102-15 | AVG-1531 | Medium | denial of service |
| 12 Jan 2021 | ASA-202101-9 | AVG-1415 | Medium | insufficient validation |
| 25 Oct 2019 | ASA-201910-14 | AVG-1052 | Critical | arbitrary code execution |
| 19 Jan 2017 | ASA-201701-28 | AVG-105 | High | multiple issues |
| 18 Nov 2016 | ASA-201611-19 | AVG-58 | High | multiple issues |