CVE-2022-31626 | AVG-2768 | Unknown | Unknown | Unknown | Unknown
CVE-2022-31625 | AVG-2768 | Unknown | Unknown | Unknown | Unknown
CVE-2021-21708 | AVG-2695 | Critical | Yes | Arbitrary file upload | A flaw was found in PHP. The vulnerability occurs due to the malformed php_filter_float() function and leads to a use-after-free vulnerability. This flaw...
CVE-2021-21707 | AVG-2566 | Low | Yes | Insufficient validation | A security issue has been found in PHP before versions 8.0.13 and 7.4.26 where libxml-based XML functions accepting a filename actually accept URIs with...
CVE-2021-21706 | AVG-2420 | Medium | Yes | Directory traversal | A security issue has been found in PHP on Windows before versions 8.0.11 and 7.4.24. It is possible to construct ZIP archives containing files which are...
CVE-2021-21705 | AVG-2132 | Medium | Yes | Insufficient validation | A security issue was found in the php_url_parse_ex() function in PHP before versions 8.0.8 and 7.4.21, which leads to FILTER_VALIDATE_URL accepting URLs...
CVE-2021-21704 | AVG-2132 | Medium | Yes | Denial of service | Multiple bugs in the pdo_firebase module allow a malicious firebase server or man-in-the-middle attacker to crash PHP before versions 8.0.8 and 7.4.21.
CVE-2021-21703 | AVG-2486 | Medium | No | Privilege escalation | A security issue was found in PHP before versions 8.0.12 and 7.4.25 in the PHP-FPM component. An out-of-bounds read/write in the root FPM at arbitrary...
CVE-2021-21702 | AVG-1531 | Medium | Yes | Denial of service | A security issue was found in PHP before versions 8.0.2, 7.4.15 and 7.3.27. PHP will crash with a SIGSEGV via null-pointer dereference whenever an XML is...
CVE-2020-7071 | AVG-1415 | Medium | No | Insufficient validation | A security issue was found in the php_url_parse_ex() function in PHP, which leads to FILTER_VALIDATE_URL accepting URLs with invalid userinfo. It is fixed...
CVE-2019-11043 | AVG-1052 | Critical | Yes | Arbitrary code execution | A buffer underflow issue has been found in the php-fpm component of PHP before 7.3.11, 7.2.24 and 7.1.33, leading to remote code execution in certain nginx...
CVE-2017-5340 | AVG-105 | High | Yes | Arbitrary code execution | It was found that PHP uses uninitialized memory during calls to `unserialize()`. The payload supplied to `unserialize()` may control this uninitialized...
CVE-2016-9936 | AVG-105 | High | Yes | Arbitrary code execution | The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or...
CVE-2016-9935 | AVG-105 | Medium | Yes | Denial of service | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service...
CVE-2016-9934 | AVG-58 | Medium | Yes | Denial of service | It has been discovered that ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer...
CVE-2016-9933 | AVG-58 | Medium | Yes | Denial of service | A stack consumption vulnerability has been discovered in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used...
CVE-2016-9138 | AVG-58 | High | Yes | Arbitrary code execution | PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to...
CVE-2016-8670 | AVG-58 | High | Yes | Arbitrary code execution | A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf() was incorrectly handled, leading in some circumstances to an out of...
CVE-2016-7568 | AVG-58 | High | Yes | Arbitrary code execution | An integer overflow flaw, leading to a heap-based buffer overflow, was found in gd. A specially crafted image, when converted to webp, could cause the...
CVE-2016-7478 | AVG-58 | Medium | Yes | Denial of service | Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a...
CVE-2016-7125 | AVG-152 | High | Yes | Access restriction bypass | It has been discovered that ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect...
CVE-2016-6911 | AVG-58 | Medium | Yes | Denial of service | A vulnerability was found in gd as used in PHP. The function dynamicGetbuf() failed to check for out of bounds reads. An attacker could create a crafted...