PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
openSUSE-SU-2017:0982-1
Security update for php7
CVE-2017-6441
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only.
CVE-2017-6441
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allow ...
CVE-2017-6441
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only.
SUSE-SU-2017:0899-1
Security update for php7
openSUSE-SU-2017:0850-1
Security update for php5
CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept ...
CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVE-2017-7272
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | openSUSE-SU-2017:0982-1 Security update for php7 | 2% Низкий | больше 8 лет назад | |
 | CVE-2017-6441 The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| CVE-2017-6441 The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allow ... | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-6441 The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only. | CVSS3: 7.5 | 0% Низкий | больше 8 лет назад |
| SUSE-SU-2017:0899-1 Security update for php7 | 2% Низкий | больше 8 лет назад | |
| openSUSE-SU-2017:0850-1 Security update for php5 | 2% Низкий | больше 8 лет назад | |
| CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. | CVSS3: 7.4 | 0% Низкий | больше 8 лет назад |
| CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in applications that accept ... | CVSS3: 7.4 | 0% Низкий | больше 8 лет назад |
| CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. | CVSS3: 7.4 | 0% Низкий | больше 8 лет назад |
 | CVE-2017-7272 PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. | CVSS3: 5.4 | 0% Низкий | больше 8 лет назад |
Уязвимостей на страницу