Search for packages
| purl | pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-11jg-tu1t-abh6 | Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. |
CVE-2022-31629
|
| VCID-1re1-15w4-cqeq | php: Leak partial content of the heap through heap buffer over-read in mysqlnd |
CVE-2024-8929
|
| VCID-26ab-3bt8-jkf3 | php: heap-based buffer overflow in array_merge() |
CVE-2025-14178
|
| VCID-2adj-dp22-xyeb | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7062
|
| VCID-2dg4-b7g9-eubx | Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. |
CVE-2022-31630
|
| VCID-2tux-e678-hubz | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2022-31627
|
| VCID-2yrz-qpqj-9ugn | Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. |
CVE-2020-7071
|
| VCID-32yk-5b4h-4bfv | php: Fail to Escape Arguments Properly in Microsoft Windows |
CVE-2024-1874
|
| VCID-341r-8amt-z7dr | php: Configuring a proxy in a stream context might allow for CRLF injection in URIs |
CVE-2024-11234
|
| VCID-3xsn-r6dz-rfbv | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7063
|
| VCID-46m1-33z3-ruhk | php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement |
CVE-2025-14180
|
| VCID-53h9-y2ns-jfh1 | Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution. |
CVE-2024-8927
|
| VCID-5jts-46jw-tfdp | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2024-5585
|
| VCID-6g29-te13-kucu | Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution. |
CVE-2024-9026
|
| VCID-7151-69v8-cqaj | php: Integer overflow in the firebird and dblib quoters causing OOB writes |
CVE-2024-11236
|
| VCID-7mcr-tsd2-tkf2 | Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. |
CVE-2020-7070
|
| VCID-7qqj-hp6m-z7bh | php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix |
CVE-2025-6491
|
| VCID-8kna-v21h-qfb5 | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2021-21704
|
| VCID-99r7-s4va-3kes | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2021-21705
|
| VCID-9byf-ymwr-eug8 | php: Single byte overread with convert.quoted-printable-decode filter |
CVE-2024-11233
|
| VCID-9p3x-8hp1-2bge | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2023-0568
|
| VCID-a21g-6nbb-fbb1 | php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP |
CVE-2023-3247
|
| VCID-araj-st9q-3keq | Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. |
CVE-2020-7069
|
| VCID-b3v5-hed2-wqeb | Multiple vulnerabilities have been found in PHP, the worst of which could result in arbitrary code execution. |
CVE-2022-31628
|
| VCID-bf18-3zx5-f7gr | php: Header parser of http stream wrapper does not handle folded headers |
CVE-2025-1217
|
| VCID-buvz-8rkh-8kak | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2021-21708
|
| VCID-c524-3my9-n7d3 | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2022-31625
|
| VCID-dmvz-493v-mfdr | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2024-3096
|
| VCID-dqb9-fgsz-rycp | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2024-2756
|
| VCID-e16f-4ynx-fqb9 | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2024-5458
|
| VCID-es75-j9rx-zbe5 | security update |
CVE-2020-7067
|
| VCID-ewbq-2gm8-tyf5 | Buffer overflow in sponge queue functions ### Impact The Keccak sponge function interface accepts partial inputs to be absorbed and partial outputs to be squeezed. A buffer can overflow when partial data with some specific sizes are queued, where at least one of them has a length of 2^32 - 200 bytes or more. ### Patches Yes, see commit [fdc6fef0](https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a). ### Workarounds The problem can be avoided by limiting the size of the partial input data (or partial output digest) below 2^32 - 200 bytes. Multiple calls to the queue system can be chained at a higher level to retain the original functionality. Alternatively, one can process the entire input (or produce the entire output) at once, avoiding the queuing functions altogether. ### References See [issue #105](https://github.com/XKCP/XKCP/issues/105) for more details. |
CVE-2022-37454
GHSA-6w4m-2xhg-2658 |
| VCID-f3vu-gjgg-zbgr | Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. |
CVE-2021-21702
|
| VCID-fhh6-shuh-v3am | php: potential buffer overflow in php_cli_server_startup_workers |
CVE-2022-4900
|
| VCID-fyhr-st6h-eker | php: PHP Hostname Null Character Vulnerability |
CVE-2025-1220
|
| VCID-g2sk-sa2j-dkcv | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2023-3824
|
| VCID-gu2y-9qzw-8ke4 | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2023-3823
|
| VCID-h5jx-kf86-5yej | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7066
|
| VCID-h7pk-y5gm-kyg7 | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2023-0567
|
| VCID-hak4-3ww9-aydn | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7059
|
| VCID-hv57-6hth-6qfj | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7060
|
| VCID-k9ne-3nu5-xqdv | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2021-21703
|
| VCID-ky48-2f2t-c7bb | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7065
|
| VCID-mtw1-k8na-2udv | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2022-31631
|
| VCID-nrnn-pgxj-xugg | php: Stream HTTP wrapper truncates redirect location to 1024 bytes |
CVE-2025-1861
|
| VCID-p9rr-rq6w-3bhg | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7064
|
| VCID-qymx-je6t-23a6 | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2024-2757
|
| VCID-qyx5-b321-2udm | php: Stream HTTP wrapper header check might omit basic auth header |
CVE-2025-1736
|
| VCID-rh5h-at8n-bfdj | php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images |
CVE-2025-14177
|
| VCID-t862-kese-z7ae | php: libxml streams use wrong content-type header when requesting a redirected resource |
CVE-2025-1219
|
| VCID-tarw-3xd3-x3eh | php: Special character breaks path in xml parsing |
CVE-2021-21707
|
| VCID-tawz-4cft-97bd | In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions. |
CVE-2021-21706
|
| VCID-ugx8-uqup-n3b4 | php: OOB access in ldap_escape |
CVE-2024-8932
|
| VCID-uq31-93sm-r3b2 | security update |
CVE-2019-11048
|
| VCID-uqrh-9nue-rqgx | php: Streams HTTP wrapper does not fail for headers with invalid name and no colon |
CVE-2025-1734
|
| VCID-uush-g6k9-9ffm | php: pgsql extension does not check for errors during escaping |
CVE-2025-1735
|
| VCID-v42g-pabn-yqe7 | Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution. |
CVE-2024-8925
|
| VCID-vfx1-jn3w-1fb9 | php: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) |
CVE-2024-8926
|
| VCID-vz8y-te3y-gqhp | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2023-0662
|
| VCID-w3f2-4edy-zyg4 | A vulnerabilities in PHP could lead to a Denial of Service condition. |
CVE-2020-7068
|
| VCID-x2s3-ku1g-gfgh | Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service. |
CVE-2024-4577
|
| VCID-yfbz-bzvk-xke4 | Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. |
CVE-2022-31626
|
| VCID-zjc4-mxte-f7hz | Multiple vulnerabilities have been found in PHP, the worst of which could result in the execution of arbitrary shell commands. |
CVE-2020-7061
|