VYPR

apk package

wolfi/php-8.3-calendar-config

pkg:apk/wolfi/php-8.3-calendar-config

Vulnerabilities (13)

  • CVE-2024-11233 | Nov 24, 2024
    affected < 8.3.14-r0 | fixed 8.3.14-r0

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory ar

  • CVE-2024-11234 | Nov 24, 2024
    affected < 8.3.14-r0 | fixed 8.3.14-r0

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbi

  • CVE-2024-11236 | Nov 24, 2024
    affected < 8.3.14-r0 | fixed 8.3.14-r0

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

  • CVE-2024-8929 | Nov 22, 2024
    affected < 8.3.14-r0 | fixed 8.3.14-r0

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

  • CVE-2024-8932 | Nov 22, 2024
    affected < 8.3.14-r0 | fixed 8.3.14-r0

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.

  • CVE-2022-4900 | Nov 2, 2023
    affected < 0 | fixed 0

    A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.

  • CVE-2022-4455 | Dec 13, 2022
    affected < 0 | fixed 0

    A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a29411

  • CVE-2015-3211 | Med | Aug 25, 2017
    affected < 0 | fixed 0

    php-fpm allows local users to write to or create arbitrary files via a symlink attack.

  • CVE-2017-6485 | Med | Mar 5, 2017
    affected < 0 | fixed 0

    A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script cod

  • CVE-2007-4889 | Sep 14, 2007
    affected < 0 | fixed 0

    The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.

  • CVE-2007-4596 | Aug 30, 2007
    affected < 0 | fixed 0

    The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.

  • CVE-2007-3205 | Jun 13, 2007
    affected < 0 | fixed 0

    The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a

  • CVE-2007-2728 | May 16, 2007
    affected < 0 | fixed 0

    The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.