PHP is a popular general-purpose scripting language that is especially suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3 867
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| BDU:2021-01912 A vulnerability in the openssl_encrypt() function of the PHP programming language that allows an attacker to gain access to confidential data and compromise its integrity | CVSS3: 6.5 | 9% Low | more than 5 years ago |
| BDU:2021-01913 A vulnerability in the cookie handling mechanism of the PHP programming language that allows an attacker to affect data integrity | CVSS3: 5.3 | 26% Medium | more than 5 years ago |
| BDU:2021-01914 A vulnerability in the URL function of the PHP programming language, related to insufficient input validation, that allows an attacker to affect data integrity | CVSS3: 5.3 | 7% Low | more than 5 years ago |
| openSUSE-SU-2020:0847-1 Security update for php7 | | 13% Medium | more than 5 years ago |
| SUSE-SU-2020:1661-1 Security update for php7 | | 13% Medium | more than 5 years ago |
| CVE-2020-7070 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. | CVSS3: 5.3 | 26% Medium | more than 5 years ago |
| SUSE-SU-2020:1545-1 Security update for php7 | | 13% Medium | more than 5 years ago |
| CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. | CVSS3: 5.3 | 13% Medium | more than 5 years ago |
| CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ... | CVSS3: 5.3 | 13% Medium | more than 5 years ago |
| CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. | CVSS3: 5.3 | 13% Medium | more than 5 years ago |