RHSA-2026:22305 Red Hat Security Advisory: php:8.2 security update

Bulletin has no description...

Linux Distros Unpatched Vulnerability : CVE-2026-7262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding...

Linux Distros Unpatched Vulnerability : CVE-2026-6735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-016501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016501 advisory. In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error inconvert.quoted-printable-decode filter certain data can lead to buffer...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005838)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005838 advisory. In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functio...

RHEL 8 : php:8.2 (RHSA-2026:1412)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1412 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: pgsql extension does not check fo...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-872)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-872 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

Unity Linux 20.1070e Security Update: php (UTSA-2025-984693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984693 advisory. In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1088)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1088 advisory. fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could resul...

RockyLinux 9 : php:8.2 (RLSA-2025:7432)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7432 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-deco...

UBUNTU-CVE-2025-1220

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 some functions like fsockopen lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parseurl treat the hostname in different way, thus openin...

Exploit for SQL Injection in Dimdavid File_Provider

CVE-2025-4578 File Provider = 5.0.12 time-based blind - Parame...

RHEL 9 : php:8.2 (RHSA-2025:7432)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:7432 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...

Moderate: Red Hat Security Advisory: php:8.2 security update

An update for the php:8.2 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-936)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-936 advisory. Header parser of http stream wrapper does not handle folded headers. CVE-2025-1217 When requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used t...

Debian dsa-5878 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5878 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5878-1 [email protected] https://www.debian.org/securit...

php:8.2 security update

php 8.2.25-1 - rebase to 8.2.25 RHEL-65837 php-pecl-apcu 5.1.23-1 - update to 5.1.23 for PHP 8.2 RHEL-14699 php-pecl-rrd php-pecl-xdebug3 3.2.2-2 - drop inetntoa usage using upstream patch 3.2.2-1 - update to 3.2.2 for PHP 8.2 RHEL-14699 php-pecl-zip 1.22.3-1 - update to 1.22.3 for PHP 8.2...

DSA-5819-1 php8.2 - security update

Bulletin has no description...

CVE-2024-11236

CVE-2024-11236 affects PHP versions with ldap_escape() on 32-bit systems where uncontrolled long inputs can overflow an integer, causing an out-of-bounds write. Affected are PHP 8.1.x before 8.1.31, 8.2.x before 8.2.26, and 8.3.x before 8.3.14. The issue is described in multiple sources, includin...