Search CVE reports
741 – 750 of 50657 results
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, resulting in a segmentation fault...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Not affected |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Not affected |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their...
8 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 16.04 LTS |
|---|---|
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php8.5 | — |
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a...
8 affected packages
php8.5, php8.1, php8.3, php8.4, php5...
| Package | 16.04 LTS |
|---|---|
| php8.5 | — |
| php8.1 | — |
| php8.3 | — |
| php8.4 | — |
| php5 | — |
| php7.0 | Needs evaluation |
| php7.2 | — |
| php7.4 | — |
A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Ignored |
A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack...
1 affected package
gdal
| Package | 16.04 LTS |
|---|---|
| gdal | Ignored |