PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2016-7127
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...
CVE-2016-7126
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument.
CVE-2016-7126
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ...
CVE-2016-7125
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
CVE-2016-7125
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...
CVE-2016-7124
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call.
CVE-2016-7124
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ...
CVE-2016-7130
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
CVE-2016-7128
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-7133
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2016-7127 The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ... | CVSS3: 9.8 | 1% Низкий | около 9 лет назад |
 | CVE-2016-7126 The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. | CVSS3: 9.8 | 5% Низкий | около 9 лет назад |
| CVE-2016-7126 The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6. ... | CVSS3: 9.8 | 5% Низкий | около 9 лет назад |
| CVE-2016-7125 ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | CVSS3: 7.5 | 1% Низкий | около 9 лет назад |
| CVE-2016-7125 ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ... | CVSS3: 7.5 | 1% Низкий | около 9 лет назад |
| CVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. | CVSS3: 9.8 | 74% Высокий | около 9 лет назад |
| CVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7. ... | CVSS3: 9.8 | 74% Высокий | около 9 лет назад |
 | CVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | CVSS3: 7.5 | 3% Низкий | около 9 лет назад |
| CVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | CVSS3: 5.3 | 1% Низкий | около 9 лет назад |
| CVE-2016-7133 Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. | CVSS3: 8.1 | 0% Низкий | около 9 лет назад |
Уязвимостей на страницу