Search CVE reports
Some fixes available 7 of 8
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.4 | Not in release | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Not in release | Fixed | Not in release | — |
| php8.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.3 | Not in release | Fixed | Not in release | Not in release | Not in release |
Some fixes available 7 of 8
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | Not in release | — |
| php7.0 | Not in release | Not in release | Not in release | Not in release | — |
| php7.2 | Not in release | Not in release | Not in release | Not in release | Fixed |
| php7.4 | Not in release | Not in release | Not in release | Fixed | — |
| php8.1 | Not in release | Not in release | Fixed | Not in release | — |
| php8.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.3 | Not in release | Fixed | Not in release | Not in release | Not in release |
Some fixes available 2 of 3
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php5 | — | — | Not in release | Not in release | Not in release |
| php7.0 | — | — | Not in release | Not in release | Not in release |
| php7.2 | — | — | Not in release | Not in release | Not affected |
| php7.4 | — | — | Not in release | Fixed | Not in release |
| php8.1 | — | Not in release | Fixed | Not in release | Not in release |
| php8.2 | — | Not in release | Not in release | Not in release | Not in release |
| php8.3 | — | Not affected | Not in release | Not in release | Not in release |