PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2016-5114

больше 9 лет назад

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5114

больше 9 лет назад

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...

CVSS3: 9.1

EPSS: Низкий

CVE-2016-5096

больше 9 лет назад

Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5096

больше 9 лет назад

Integer overflow in the fread function in ext/standard/file.c in PHP b ...

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5095

больше 9 лет назад

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5095

больше 9 лет назад

Integer overflow in the php_escape_html_entities_ex function in ext/st ...

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5094

больше 9 лет назад

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5094

больше 9 лет назад

Integer overflow in the php_html_entities function in ext/standard/htm ...

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5093

больше 9 лет назад

The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.

CVSS3: 8.6

EPSS: Низкий

CVE-2016-5093

больше 9 лет назад

The get_icu_value_internal function in ext/intl/locale/locale_methods. ...

CVSS3: 8.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with custom REQUEST_URI logging.	CVSS3: 9.1	1% Низкий	больше 9 лет назад
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...	CVSS3: 9.1	1% Низкий	больше 9 лет назад
CVE-2016-5096 Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5096 Integer overflow in the fread function in ext/standard/file.c in PHP b ...	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5095 Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-5094.	CVSS3: 8.6	1% Низкий	больше 9 лет назад
CVE-2016-5095 Integer overflow in the php_escape_html_entities_ex function in ext/st ...	CVSS3: 8.6	1% Низкий	больше 9 лет назад
CVE-2016-5094 Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function.	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5094 Integer overflow in the php_html_entities function in ext/standard/htm ...	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5093 The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call.	CVSS3: 8.6	2% Низкий	больше 9 лет назад
CVE-2016-5093 The get_icu_value_internal function in ext/intl/locale/locale_methods. ...	CVSS3: 8.6	2% Низкий	больше 9 лет назад

Уязвимостей на страницу