PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2016-5771
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
CVE-2016-5771
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...
CVE-2016-5770
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096.
CVE-2016-5770
Integer overflow in the SplFileObject::fread function in spl_directory ...
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...
CVE-2016-5768
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
CVE-2016-5768
Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...
CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.
CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-5771 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. | CVSS3: 9.8 | 14% Средний | больше 9 лет назад |
| CVE-2016-5771 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ... | CVSS3: 9.8 | 14% Средний | больше 9 лет назад |
| CVE-2016-5770 Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. | CVSS3: 9.8 | 10% Средний | больше 9 лет назад |
| CVE-2016-5770 Integer overflow in the SplFileObject::fread function in spl_directory ... | CVSS3: 9.8 | 10% Средний | больше 9 лет назад |
| CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. | CVSS3: 9.8 | 6% Низкий | больше 9 лет назад |
| CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ... | CVSS3: 9.8 | 6% Низкий | больше 9 лет назад |
| CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. | CVSS3: 9.8 | 21% Средний | больше 9 лет назад |
| CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ... | CVSS3: 9.8 | 21% Средний | больше 9 лет назад |
| CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. | CVSS3: 8.8 | 5% Низкий | больше 9 лет назад |
| CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graph ... | CVSS3: 8.8 | 5% Низкий | больше 9 лет назад |
Уязвимостей на страницу