PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2018-12882

больше 7 лет назад

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

CVSS3: 9.8

EPSS: Низкий

CVE-2018-14851

больше 7 лет назад

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

CVSS3: 5.9

EPSS: Низкий

CVE-2018-14883

больше 7 лет назад

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

CVSS3: 5.9

EPSS: Средний

CVE-2018-12882

больше 7 лет назад

CVSS3: 6.3

EPSS: Низкий

CVE-2018-10549

почти 8 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

CVSS3: 8.8

EPSS: Низкий

CVE-2018-10549

почти 8 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...

CVSS3: 8.8

EPSS: Низкий

CVE-2018-10548

почти 8 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

CVSS3: 7.5

EPSS: Средний

CVE-2018-10548

почти 8 лет назад

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...

CVSS3: 7.5

EPSS: Средний

CVE-2018-10547

почти 8 лет назад

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.

CVSS3: 6.1

EPSS: Средний

CVE-2018-10547

почти 8 лет назад

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ...

CVSS3: 6.1

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2018-12882 exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.	CVSS3: 9.8	6% Низкий	больше 7 лет назад
CVE-2018-14851 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.	CVSS3: 5.9	0% Низкий	больше 7 лет назад
CVE-2018-14883 An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.	CVSS3: 5.9	20% Средний	больше 7 лет назад
CVE-2018-12882 exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.	CVSS3: 6.3	6% Низкий	больше 7 лет назад
CVE-2018-10549 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.	CVSS3: 8.8	2% Низкий	почти 8 лет назад
CVE-2018-10549 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...	CVSS3: 8.8	2% Низкий	почти 8 лет назад
CVE-2018-10548 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.	CVSS3: 7.5	51% Средний	почти 8 лет назад
CVE-2018-10548 An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1 ...	CVSS3: 7.5	51% Средний	почти 8 лет назад
CVE-2018-10547 An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.	CVSS3: 6.1	16% Средний	почти 8 лет назад
CVE-2018-10547 An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36 ...	CVSS3: 6.1	16% Средний	почти 8 лет назад

Уязвимостей на страницу