PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2016-5773

больше 9 лет назад

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5773

больше 9 лет назад

php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-5772

больше 9 лет назад

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5772

больше 9 лет назад

Double free vulnerability in the php_wddx_process_data function in wdd ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-5771

больше 9 лет назад

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5771

больше 9 лет назад

spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-5770

больше 9 лет назад

Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.

CVSS3: 9.8

EPSS: Средний

CVE-2016-5770

больше 9 лет назад

Integer overflow in the SplFileObject::fread function in spl_directory ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-5769

больше 9 лет назад

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-5769

больше 9 лет назад

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-5773 php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.	CVSS3: 9.8	21% Средний	больше 9 лет назад
CVE-2016-5773 php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6. ...	CVSS3: 9.8	21% Средний	больше 9 лет назад
CVE-2016-5772 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.	CVSS3: 9.8	15% Средний	больше 9 лет назад
CVE-2016-5772 Double free vulnerability in the php_wddx_process_data function in wdd ...	CVSS3: 9.8	15% Средний	больше 9 лет назад
CVE-2016-5771 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.	CVSS3: 9.8	14% Средний	больше 9 лет назад
CVE-2016-5771 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...	CVSS3: 9.8	14% Средний	больше 9 лет назад
CVE-2016-5770 Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.	CVSS3: 9.8	10% Средний	больше 9 лет назад
CVE-2016-5770 Integer overflow in the SplFileObject::fread function in spl_directory ...	CVSS3: 9.8	10% Средний	больше 9 лет назад
CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.	CVSS3: 9.8	5% Низкий	больше 9 лет назад
CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...	CVSS3: 9.8	5% Низкий	больше 9 лет назад

Уязвимостей на страницу