php7-fastcgi (SUSE:Linux Enterprise Module for Legacy 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Legacy 15 SP4 package php7-fastcgi, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2022-37454 — CVSS 9.8 (critical): The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers…
CVE-2023-3824 — CVSS 9.4 (critical): In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory…
CVE-2022-31631 — CVSS 9.1 (critical): In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data…
CVE-2023-3823 — CVSS 8.6 (high): In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track…
CVE-2021-21708 — CVSS 8.2 (high): In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT…
CVE-2022-31625 — CVSS 8.1 (high): In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid…
CVE-2023-0567 — CVSS 7.7 (high): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes…
CVE-2023-0568 — CVSS 7.5 (high): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small…
CVE-2022-31626 — CVSS 7.5 (high): In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third…
CVE-2023-0662 — CVSS 7.5 (high): In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high…
CVE-2022-31629 — CVSS 6.5 (medium): In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure…
CVE-2022-31630 — CVSS 6.5 (medium): In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a…
CVE-2022-4900 — CVSS 6.2 (medium): A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer…
CVE-2021-21707 — CVSS 5.3 (medium): In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file()…
CVE-2023-3247 — CVSS 2.6 (low): In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value…
CVE-2022-31628 — CVSS 2.3 (low): In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in…