php7 (SUSE:Enterprise Storage 7.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 7.1 package php7, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2025-1861 — CVSS 9.8 (critical): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in…
CVE-2023-3824 — CVSS 9.4 (critical): In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory…
CVE-2022-31631 — CVSS 9.1 (critical): In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data…
CVE-2023-3823 — CVSS 8.6 (high): In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track…
CVE-2024-11235 — CVSS 8.1 (high): In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead…
CVE-2023-0567 — CVSS 7.7 (high): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes…
CVE-2023-0662 — CVSS 7.5 (high): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high…
CVE-2023-0568 — CVSS 7.5 (high): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small…
CVE-2025-1736 — CVSS 7.3 (high): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers…
CVE-2024-3096 — CVSS 6.5 (medium): In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null…
CVE-2024-2756 — CVSS 6.5 (medium): Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a…
CVE-2025-1219 — CVSS 5.3 (medium): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP…
CVE-2024-5458 — CVSS 5.3 (medium): In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as…
CVE-2025-1734 — CVSS 5.3 (medium): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from…
CVE-2025-1217 — CVSS 3.1 (low): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module…