7.4.30

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-14	CVE-2022-31630	Out-of-bounds Read vulnerability in PHP In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. local low complexity php CWE-125	7.1
2022-10-21	CVE-2022-37454	Integer Overflow or Wraparound vulnerability in multiple products The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. network low complexity extended-keccak-code-package-project debian fedoraproject php python sha3-project pysha3-project pypy CWE-190 critical	9.8
2022-09-28	CVE-2022-31628	Infinite Loop vulnerability in multiple products In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. local low complexity php fedoraproject debian CWE-835	5.5
2022-09-28	CVE-2022-31629	In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. network low complexity php fedoraproject debian	6.5