Vulnerabilities > PHP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-22 | CVE-2023-3247 | Use of Insufficiently Random Values vulnerability in PHP In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. | 4.3 |
| 2023-03-01 | CVE-2023-0567 | Use of Password Hash With Insufficient Computational Effort vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. | 6.2 |
| 2023-02-16 | CVE-2023-0568 | Allocation of Resources Without Limits or Throttling vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. | 8.1 |
| 2023-02-16 | CVE-2023-0662 | Resource Exhaustion vulnerability in PHP In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. | 7.5 |
| 2022-11-14 | CVE-2022-31630 | Out-of-bounds Read vulnerability in PHP In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. | 7.1 |
| 2022-10-21 | CVE-2022-37454 | Integer Overflow or Wraparound vulnerability in multiple products The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. network low complexity extended-keccak-code-package-project debian fedoraproject php python sha3-project pysha3-project pypy CWE-190 critical | 9.8 |
| 2022-09-28 | CVE-2022-31628 | Infinite Loop vulnerability in multiple products In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. | 5.5 |
| 2022-09-28 | CVE-2022-31629 | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. | 6.5 |
| 2022-07-28 | CVE-2022-31627 | Out-of-bounds Write vulnerability in PHP In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption. | 9.8 |
| 2022-06-16 | CVE-2022-31625 | Release of Invalid Pointer or Reference vulnerability in multiple products In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. | 8.1 |