PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...
CVE-2016-5768
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
CVE-2016-5768
Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...
CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.
CVE-2016-5767
Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...
CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
CVE-2016-5766
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ...
CVE-2016-5116
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
CVE-2016-5116
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions. | CVSS3: 9.8 | 6% Низкий | больше 9 лет назад |
| CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ... | CVSS3: 9.8 | 6% Низкий | больше 9 лет назад |
| CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. | CVSS3: 9.8 | 21% Средний | больше 9 лет назад |
| CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ... | CVSS3: 9.8 | 21% Средний | больше 9 лет назад |
| CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. | CVSS3: 8.8 | 5% Низкий | больше 9 лет назад |
| CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graph ... | CVSS3: 8.8 | 5% Низкий | больше 9 лет назад |
| CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | CVSS3: 8.8 | 16% Средний | больше 9 лет назад |
| CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD G ... | CVSS3: 8.8 | 16% Средний | больше 9 лет назад |
| CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. | CVSS3: 9.1 | 2% Низкий | больше 9 лет назад |
| CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ... | CVSS3: 9.1 | 2% Низкий | больше 9 лет назад |
Уязвимостей на страницу