apk package
wolfi/php-8.5
pkg:apk/wolfi/php-8.5
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-4455 | — | < 0 | 0 | Dec 13, 2022 | A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a29411 | ||
| CVE-2017-6485 | Med | 6.1 | < 0 | 0 | Mar 5, 2017 | A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script cod | |
| CVE-2007-4596 | — | < 8.5.2-r0 | 8.5.2-r0 | Aug 30, 2007 | The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | ||
| CVE-2007-3205 | — | < 8.5.2-r0 | 8.5.2-r0 | Jun 13, 2007 | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a | ||
| CVE-2007-2728 | — | < 8.5.2-r0 | 8.5.2-r0 | May 16, 2007 | The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue. |
- CVE-2022-4455Dec 13, 2022affected < 0fixed 0
A vulnerability was identified in sproctor php-calendar up to 2.0.13. This impacts an unknown function of the file index.php. Such manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be launched remotely. The name of the patch is a29411
- affected < 0fixed 0
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script cod
- CVE-2007-4596Aug 30, 2007affected < 8.5.2-r0fixed 8.5.2-r0
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
- CVE-2007-3205Jun 13, 2007affected < 8.5.2-r0fixed 8.5.2-r0
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a
- CVE-2007-2728May 16, 2007affected < 8.5.2-r0fixed 8.5.2-r0
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.