PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

BDU:2020-03142

почти 7 лет назад

Уязвимость функции exif_process_IFD_in_MAKERNOTE расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 5.9

EPSS: Средний

openSUSE-SU-2019:0276-1

почти 7 лет назад

Security update for php5

EPSS: Высокий

CVE-2019-9639

почти 7 лет назад

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

CVSS3: 5.3

EPSS: Средний

CVE-2019-9025

почти 7 лет назад

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

CVSS3: 9.8

EPSS: Низкий

CVE-2019-9025

почти 7 лет назад

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyt ...

CVSS3: 9.8

EPSS: Низкий

CVE-2019-9024

почти 7 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

CVSS3: 7.5

EPSS: Средний

CVE-2019-9024

почти 7 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...

CVSS3: 7.5

EPSS: Средний

CVE-2019-9023

почти 7 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.

CVSS3: 9.8

EPSS: Средний

CVE-2019-9023

почти 7 лет назад

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...

CVSS3: 9.8

EPSS: Средний

CVE-2019-9022

почти 7 лет назад

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
BDU:2020-03142 Уязвимость функции exif_process_IFD_in_MAKERNOTE расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации	CVSS3: 5.9	18% Средний	почти 7 лет назад
openSUSE-SU-2019:0276-1 Security update for php5		88% Высокий	почти 7 лет назад
CVE-2019-9639 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.	CVSS3: 5.3	18% Средний	почти 7 лет назад
CVE-2019-9025 An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.	CVSS3: 9.8	2% Низкий	почти 7 лет назад
CVE-2019-9025 An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyt ...	CVSS3: 9.8	2% Низкий	почти 7 лет назад
CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.	CVSS3: 7.5	17% Средний	почти 7 лет назад
CVE-2019-9024 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...	CVSS3: 7.5	17% Средний	почти 7 лет назад
CVE-2019-9023 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.	CVSS3: 9.8	12% Средний	почти 7 лет назад
CVE-2019-9023 An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x ...	CVSS3: 9.8	12% Средний	почти 7 лет назад
CVE-2019-9022 An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.	CVSS3: 7.5	8% Низкий	почти 7 лет назад

Уязвимостей на страницу