PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2016-7132

около 9 лет назад

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...

CVSS3: 7.5

EPSS: Низкий

CVE-2016-7131

около 9 лет назад

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-7131

около 9 лет назад

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...

CVSS3: 7.5

EPSS: Низкий

CVE-2016-7130

около 9 лет назад

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-7130

около 9 лет назад

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ...

CVSS3: 7.5

EPSS: Низкий

CVE-2016-7129

около 9 лет назад

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-7129

около 9 лет назад

The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-7128

около 9 лет назад

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

CVSS3: 5.3

EPSS: Низкий

CVE-2016-7128

около 9 лет назад

The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...

CVSS3: 5.3

EPSS: Низкий

CVE-2016-7127

около 9 лет назад

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...	CVSS3: 7.5	6% Низкий	около 9 лет назад
CVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.	CVSS3: 7.5	6% Низкий	около 9 лет назад
CVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remo ...	CVSS3: 7.5	6% Низкий	около 9 лет назад
CVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.	CVSS3: 7.5	3% Низкий	около 9 лет назад
CVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6 ...	CVSS3: 7.5	3% Низкий	около 9 лет назад
CVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document.	CVSS3: 9.8	2% Низкий	около 9 лет назад
CVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5. ...	CVSS3: 9.8	2% Низкий	около 9 лет назад
CVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.	CVSS3: 5.3	1% Низкий	около 9 лет назад
CVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...	CVSS3: 5.3	1% Низкий	около 9 лет назад
CVE-2016-7127 The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.	CVSS3: 9.8	1% Низкий	около 9 лет назад

Уязвимостей на страницу