Showing 1-30 of 392
| ID# | Date | Last Modified | Package | Type | Status | PHP Version | OS | Summary | Assigned |
|---|---|---|---|---|---|---|---|---|---|
| 70081 | 2015-07-15 11:41 UTC | 2023-12-31 10:07 UTC | SOAP related | Sec Bug | Closed | Irrelevant | Ubuntu x86_64 | Hidden because of SPAM | ondrej |
| 81746 | 2023-01-20 22:19 UTC | 2023-02-13 04:40 UTC | *Directory/Filesystem functions | Sec Bug | Closed | 8.0.27 | Linux | 1-byte array overrun in common path resolve code | stas |
| 81744 | 2023-01-05 12:52 UTC | 2023-02-13 04:40 UTC | *Encryption and hash functions | Sec Bug | Closed | 8.2.0 | | Password_verify() always return true with some hash | stas |
| 81740 | 2022-10-29 13:25 UTC | 2022-12-19 06:27 UTC | PDO SQLite | Sec Bug | Closed | 7.4Git-2022-10-29 (Git) | * | PDO::quote() may return unquoted string | stas |
| 81739 | 2022-10-12 16:13 UTC | 2022-10-24 00:58 UTC | GD related | Sec Bug | Closed | 7.4Git-2022-10-12 (Git) | * | OOB read due to insufficient input validation in imageloadfont() | stas |
| 81738 | 2022-10-11 18:24 UTC | 2022-10-21 05:55 UTC | hash related | Sec Bug | Closed | 8.2.0RC3 | all 64-bit | buffer overflow in hash_update() on long parameter | |
| 81726 | 2022-07-19 14:30 UTC | 2022-09-29 18:58 UTC | PHAR related | Sec Bug | Closed | 7.4.30 | ubuntu-20.04 | phar wrapper can occur dos when using quine gzip file | stas |
| 81727 | 2022-08-12 09:44 UTC | 2022-09-29 18:57 UTC | HTTP related | Sec Bug | Closed | Irrelevant | Any | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities | derick |
| 81723 | 2022-06-27 22:59 UTC | 2022-07-05 07:05 UTC | Filesystem function related | Sec Bug | Closed | 8.1.7 | Linux | Heap buffer overflow in finfo_buffer | stas |
| 81719 | 2022-05-16 14:33 UTC | 2022-06-15 07:24 UTC | PDO MySQL | Sec Bug | Closed | 8.1.6 | | mysqlnd/pdo password buffer overflow leading to RCE | cmb |
| 81713 | 2022-03-10 11:30 UTC | 2022-06-10 08:46 UTC | OpenSSL related | Sec Bug | Closed | PHP 7.4 | all | NULL byte injection in several OpenSSL functions working with certificates | bukka |
| 81720 | 2022-05-16 14:50 UTC | 2022-06-06 07:13 UTC | PostgreSQL related | Sec Bug | Closed | 8.1.6 | | Uninitialized array in pg_query_params() leading to RCE | stas |
| 81708 | 2022-01-30 09:00 UTC | 2022-02-14 06:07 UTC | Filter related | Sec Bug | Closed | 8.0.15 | centos 8 | UAF due to php_filter_float() failing for ints | stas |
| 79971 | 2020-08-13 13:09 UTC | 2021-11-15 07:30 UTC | *XML functions | Sec Bug | Closed | 7.2 | linux | special character is breaking the path in xml function | stas |
| 81026 | 2021-05-10 09:16 UTC | 2021-10-26 11:42 UTC | FPM related | Sec Bug | Closed | 8.0.6 | | PHP-FPM oob R/W in root process leading to privilege escalation | bukka |
| 81420 | 2021-09-06 14:20 UTC | 2021-09-21 04:36 UTC | Zip Related | Sec Bug | Closed | 7.3 | Windows | ZipArchive::extractTo may extract outside of destination dir | stas |
| 81211 | 2021-06-30 12:59 UTC | 2021-08-26 20:59 UTC | PHAR related | Sec Bug | Closed | 8.1Git-2021-06-30 (Git) | MacOS, Linux | Symlinks are followed when creating PHAR archive | stas |
| 81122 | 2021-06-10 02:37 UTC | 2021-07-16 22:03 UTC | URL related | Sec Bug | Closed | 8.0.7 | All | SSRF bypass in FILTER_VALIDATE_URL | cmb |
| 76448 | 2018-06-11 19:34 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 | | Stack buffer overflow in firebird_info_cb | stas |
| 76449 | 2018-06-11 19:50 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 | | SIGSEGV in firebird_handle_doer | stas |
| 76450 | 2018-06-11 20:02 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 | | SIGSEGV in firebird_stmt_execute | stas |
| 76452 | 2018-06-11 20:17 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 | | Crash while parsing blob data in firebird_fetch_blob | stas |
| 80710 | 2021-02-04 12:14 UTC | 2021-04-27 06:05 UTC | IMAP related | Sec Bug | Closed | 7.4.14 | cross | php imap mime crlf header injection mime splitting multipart injection | stas |
| 77423 | 2019-01-07 10:16 UTC | 2021-02-15 10:28 UTC | *URL Functions | Sec Bug | Closed | 5.6.39 | linux | FILTER_VALIDATE_URL accepts URLs with invalid userinfo | stas |
| 80711 | 2021-02-04 15:31 UTC | 2021-02-05 15:39 UTC | Systems problem | Sec Bug | Closed | 8.0.2 | N/A | Archives doesn't matches sha256sum nor GPG Signatures | pollita |
| 80672 | 2021-01-26 16:12 UTC | 2021-02-01 08:15 UTC | SOAP related | Sec Bug | Closed | 7.4.14 | Ubuntu | Null Dereference in SoapClient | stas |
| 79405 | 2020-03-23 02:01 UTC | 2021-01-04 09:21 UTC | *Network Functions | Sec Bug | Closed | All | All | gethostbyname() silently truncates after a null byte | stas |
| 80235 | 2020-10-14 11:52 UTC | 2020-10-19 06:51 UTC | DOM XML related | Sec Bug | Closed | 8.0.0rc1 | | libxml_disable_entity_loader deprecated but XSD external references possilbe | beberlei |
| 79601 | 2020-05-15 10:46 UTC | 2020-09-29 20:29 UTC | OpenSSL related | Sec Bug | Closed | Irrelevant | * | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV | bukka |
| 79699 | 2020-06-14 19:37 UTC | 2020-09-29 06:12 UTC | HTTP related | Sec Bug | Closed | 7.4.7 | macOS (but should affect any) | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | stas |
Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jun 16 01:01:29 2024 UTC