Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 42 results


CVE-2024-8926

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.3 Not affected Not in release Not in release
Show less packages

CVE-2024-9026

Medium priority
Fixed

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Fixed Not in release
php8.3 Fixed Not in release Not in release
Show less packages

CVE-2024-8927

Medium priority

Some fixes available 3 of 6

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.3 Fixed Not in release Not in release
Show less packages

CVE-2024-8925

Medium priority

Some fixes available 3 of 6

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to...

6 affected packages

php5, php7.0, php7.2, php7.4, php8.1, php8.3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Needs evaluation
php7.2 Not in release Not in release Not in release Needs evaluation
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.3 Fixed Not in release Not in release
Show less packages

CVE-2024-5458

Medium priority

Some fixes available 6 of 7

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Fixed
php7.2 Not in release Not in release Not in release Fixed
php7.4 Not in release Not in release Fixed
php8.1 Not in release Fixed Not in release
php8.2 Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-4577

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-2408

Medium priority
Needs evaluation

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-5585

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax,...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-2757

Medium priority
Fixed

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Fixed Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages

CVE-2024-1874

Medium priority
Not affected

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious...

7 affected packages

php5, php7.0, php7.2, php7.4, php8.1...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php5 Not in release Not in release Not in release
php7.0 Not in release Not in release Not in release Not affected
php7.2 Not in release Not in release Not in release Not affected
php7.4 Not in release Not in release Not affected
php8.1 Not in release Not affected Not in release
php8.2 Not in release Not in release Not in release Not in release Not in release
php8.3 Not affected Not in release Not in release Not in release Not in release
Show all 7 packages Show less packages