Showing 1-30 of 392
| ID# | Date | Last Modified | Package | Type | Status | PHP Version | OS | Summary | Assigned |
|---|---|---|---|---|---|---|---|---|---|
| 70081 | 2015-07-15 11:41 UTC | 2023-12-31 10:07 UTC | SOAP related | Sec Bug | Closed | Irrelevant | Ubuntu x86_64 | Hidden because of SPAM | ondrej |
| 81746 | 2023-01-20 22:19 UTC | 2023-02-13 04:40 UTC | *Directory/Filesystem functions | Sec Bug | Closed | 8.0.27 | Linux | 1-byte array overrun in common path resolve code | stas |
| 81744 | 2023-01-05 12:52 UTC | 2023-02-13 04:40 UTC | *Encryption and hash functions | Sec Bug | Closed | 8.2.0 |  | Password_verify() always return true with some hash | stas |
| 81740 | 2022-10-29 13:25 UTC | 2022-12-19 06:27 UTC | PDO SQLite | Sec Bug | Closed | 7.4Git-2022-10-29 (Git) | * | PDO::quote() may return unquoted string | stas |
| 81739 | 2022-10-12 16:13 UTC | 2022-10-24 00:58 UTC | GD related | Sec Bug | Closed | 7.4Git-2022-10-12 (Git) | * | OOB read due to insufficient input validation in imageloadfont() | stas |
| 81738 | 2022-10-11 18:24 UTC | 2022-10-21 05:55 UTC | hash related | Sec Bug | Closed | 8.2.0RC3 | all 64-bit | buffer overflow in hash_update() on long parameter |  |
| 81726 | 2022-07-19 14:30 UTC | 2022-09-29 18:58 UTC | PHAR related | Sec Bug | Closed | 7.4.30 | ubuntu-20.04 | phar wrapper can occur dos when using quine gzip file | stas |
| 81727 | 2022-08-12 09:44 UTC | 2022-09-29 18:57 UTC | HTTP related | Sec Bug | Closed | Irrelevant | Any | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities | derick |
| 81723 | 2022-06-27 22:59 UTC | 2022-07-05 07:05 UTC | Filesystem function related | Sec Bug | Closed | 8.1.7 | Linux | Heap buffer overflow in finfo_buffer | stas |
| 81719 | 2022-05-16 14:33 UTC | 2022-06-15 07:24 UTC | PDO MySQL | Sec Bug | Closed | 8.1.6 |  | mysqlnd/pdo password buffer overflow leading to RCE | cmb |
| 81713 | 2022-03-10 11:30 UTC | 2022-06-10 08:46 UTC | OpenSSL related | Sec Bug | Closed | PHP 7.4 | all | NULL byte injection in several OpenSSL functions working with certificates | bukka |
| 81720 | 2022-05-16 14:50 UTC | 2022-06-06 07:13 UTC | PostgreSQL related | Sec Bug | Closed | 8.1.6 |  | Uninitialized array in pg_query_params() leading to RCE | stas |
| 81708 | 2022-01-30 09:00 UTC | 2022-02-14 06:07 UTC | Filter related | Sec Bug | Closed | 8.0.15 | centos 8 | UAF due to php_filter_float() failing for ints | stas |
| 79971 | 2020-08-13 13:09 UTC | 2021-11-15 07:30 UTC | *XML functions | Sec Bug | Closed | 7.2 | linux | special character is breaking the path in xml function | stas |
| 81026 | 2021-05-10 09:16 UTC | 2021-10-26 11:42 UTC | FPM related | Sec Bug | Closed | 8.0.6 |  | PHP-FPM oob R/W in root process leading to privilege escalation | bukka |
| 81420 | 2021-09-06 14:20 UTC | 2021-09-21 04:36 UTC | Zip Related | Sec Bug | Closed | 7.3 | Windows | ZipArchive::extractTo may extract outside of destination dir | stas |
| 81211 | 2021-06-30 12:59 UTC | 2021-08-26 20:59 UTC | PHAR related | Sec Bug | Closed | 8.1Git-2021-06-30 (Git) | MacOS, Linux | Symlinks are followed when creating PHAR archive | stas |
| 81122 | 2021-06-10 02:37 UTC | 2021-07-16 22:03 UTC | URL related | Sec Bug | Closed | 8.0.7 | All | SSRF bypass in FILTER_VALIDATE_URL | cmb |
| 76448 | 2018-06-11 19:34 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 |  | Stack buffer overflow in firebird_info_cb | stas |
| 76449 | 2018-06-11 19:50 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 |  | SIGSEGV in firebird_handle_doer | stas |
| 76450 | 2018-06-11 20:02 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 |  | SIGSEGV in firebird_stmt_execute | stas |
| 76452 | 2018-06-11 20:17 UTC | 2021-06-28 04:40 UTC | PDO Firebird | Sec Bug | Closed | 7.3.0alpha1 |  | Crash while parsing blob data in firebird_fetch_blob | stas |
| 80710 | 2021-02-04 12:14 UTC | 2021-04-27 06:05 UTC | IMAP related | Sec Bug | Closed | 7.4.14 | cross | php imap mime crlf header injection mime splitting multipart injection | stas |
| 77423 | 2019-01-07 10:16 UTC | 2021-02-15 10:28 UTC | *URL Functions | Sec Bug | Closed | 5.6.39 | linux | FILTER_VALIDATE_URL accepts URLs with invalid userinfo | stas |
| 80711 | 2021-02-04 15:31 UTC | 2021-02-05 15:39 UTC | Systems problem | Sec Bug | Closed | 8.0.2 | N/A | Archives doesn't matches sha256sum nor GPG Signatures | pollita |
| 80672 | 2021-01-26 16:12 UTC | 2021-02-01 08:15 UTC | SOAP related | Sec Bug | Closed | 7.4.14 | Ubuntu | Null Dereference in SoapClient | stas |
| 79405 | 2020-03-23 02:01 UTC | 2021-01-04 09:21 UTC | *Network Functions | Sec Bug | Closed | All | All | gethostbyname() silently truncates after a null byte | stas |
| 80235 | 2020-10-14 11:52 UTC | 2020-10-19 06:51 UTC | DOM XML related | Sec Bug | Closed | 8.0.0rc1 |  | libxml_disable_entity_loader deprecated but XSD external references possilbe | beberlei |
| 79601 | 2020-05-15 10:46 UTC | 2020-09-29 20:29 UTC | OpenSSL related | Sec Bug | Closed | Irrelevant | * | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV | bukka |
| 79699 | 2020-06-14 19:37 UTC | 2020-09-29 06:12 UTC | HTTP related | Sec Bug | Closed | 7.4.7 | macOS (but should affect any) | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | stas |
Last updated: Tue Apr 23 15:01:32 2024 UTC