Search CVE reports
11 – 13 of 13 results
CVE-2024-3096
Medium prioritySome fixes available 6 of 7
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | — |
| php7.4 | Not in release | Not in release | Fixed | — | — |
| php8.1 | Not in release | Fixed | Not in release | — | — |
| php8.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.3 | Fixed | Not in release | Not in release | Not in release | Not in release |
CVE-2024-2756
Medium prioritySome fixes available 6 of 7
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure-...
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | Not in release | Not in release | Not in release | — | — |
| php7.0 | Not in release | Not in release | Not in release | — | Fixed |
| php7.2 | Not in release | Not in release | Not in release | Fixed | — |
| php7.4 | Not in release | Not in release | Fixed | — | — |
| php8.1 | Not in release | Fixed | Not in release | — | — |
| php8.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.3 | Fixed | Not in release | Not in release | Not in release | Not in release |
CVE-2022-4900
Low prioritySome fixes available 2 of 3
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
7 affected packages
php5, php7.0, php7.2, php7.4, php8.1...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| php5 | — | Not in release | Not in release | Not in release | Not in release |
| php7.0 | — | Not in release | Not in release | Not in release | Not affected |
| php7.2 | — | Not in release | Not in release | Not affected | Not in release |
| php7.4 | — | Not in release | Fixed | Not in release | Not in release |
| php8.1 | Not in release | Fixed | Not in release | Not in release | Not in release |
| php8.2 | Not in release | Not in release | Not in release | Not in release | Not in release |
| php8.3 | Not affected | Not in release | Not in release | Not in release | Not in release |