PHP is a popular general-purpose scripting language that is especially suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3,883
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2019-19246 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | CVSS3: 7.5 | 0% Low | about 6 years ago |
| CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | | 8% Low | about 6 years ago |
| CVE-2010-4657 PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | CVSS3: 7.5 | 2% Low | about 6 years ago |
| CVE-2010-4657 PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ... | CVSS3: 7.5 | 2% Low | about 6 years ago |
| CVE-2010-4657 PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | CVSS3: 7.5 | 2% Low | about 6 years ago |
| BDU:2022-02599 Vulnerability in the XMLWriter component of the PHP programming language interpreter that allows an attacker to disclose protected information | CVSS3: 7.5 | 2% Low | about 6 years ago |
| openSUSE-SU-2019:2457-1 Security update for php7 | | 94% Critical | about 6 years ago |
| CVE-2019-11050 When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure or crash. | CVSS3: 6.5 | 3% Low | more than 6 years ago |
| SUSE-SU-2019:2909-1 Security update for php72 | | 94% Critical | more than 6 years ago |
| RLSA-2019:3736 Critical: php:7.3 security update | | 94% Critical | more than 6 years ago |