PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
BDU:2017-01655
Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код
CVE-2016-7480
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-2016-7480
The SplObjectStorage unserialize implementation in ext/spl/spl_observe ...
CVE-2016-7480
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-2017-5340
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
CVE-2017-5340
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ...
CVE-2017-5340
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
CVE-2016-7478
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2017-01655 Уязвимость интерпретатора PHP, позволяющая нарушителю выполнить произвольный код | CVSS2: 7.5 | 19% Средний | почти 9 лет назад |
 | CVE-2016-7480 The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | CVSS3: 9.8 | 5% Низкий | почти 9 лет назад |
| CVE-2016-7480 The SplObjectStorage unserialize implementation in ext/spl/spl_observe ... | CVSS3: 9.8 | 5% Низкий | почти 9 лет назад |
 | CVE-2016-7480 The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data. | CVSS3: 9.8 | 5% Низкий | почти 9 лет назад |
| CVE-2017-5340 Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | CVSS3: 9.8 | 34% Средний | почти 9 лет назад |
| CVE-2017-5340 Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ... | CVSS3: 9.8 | 34% Средний | почти 9 лет назад |
| CVE-2016-7478 Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | CVSS3: 7.5 | 23% Средний | почти 9 лет назад |
| CVE-2016-7478 Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x befo ... | CVSS3: 7.5 | 23% Средний | почти 9 лет назад |
| CVE-2017-5340 Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. | CVSS3: 9.8 | 34% Средний | почти 9 лет назад |
| CVE-2016-7478 Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | CVSS3: 7.5 | 23% Средний | почти 9 лет назад |
Уязвимостей на страницу