PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2016-6296

больше 9 лет назад

Integer signedness error in the simplestring_addn function in simplest ...

CVSS3: 9.8

EPSS: Средний

CVE-2016-6295

больше 9 лет назад

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-6295

больше 9 лет назад

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-6294

больше 9 лет назад

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-6294

больше 9 лет назад

The locale_accept_from_http function in ext/intl/locale/locale_methods ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-6292

больше 9 лет назад

The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.

CVSS3: 6.5

EPSS: Низкий

CVE-2016-6292

больше 9 лет назад

The exif_process_user_comment function in ext/exif/exif.c in PHP befor ...

CVSS3: 6.5

EPSS: Низкий

CVE-2016-6291

больше 9 лет назад

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-6291

больше 9 лет назад

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-6290

больше 9 лет назад

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-6296 Integer signedness error in the simplestring_addn function in simplest ...	CVSS3: 9.8	12% Средний	больше 9 лет назад
CVE-2016-6295 ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.	CVSS3: 9.8	10% Низкий	больше 9 лет назад
CVE-2016-6295 ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef ...	CVSS3: 9.8	10% Низкий	больше 9 лет назад
CVE-2016-6294 The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument.	CVSS3: 9.8	7% Низкий	больше 9 лет назад
CVE-2016-6294 The locale_accept_from_http function in ext/intl/locale/locale_methods ...	CVSS3: 9.8	7% Низкий	больше 9 лет назад
CVE-2016-6292 The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.	CVSS3: 6.5	3% Низкий	больше 9 лет назад
CVE-2016-6292 The exif_process_user_comment function in ext/exif/exif.c in PHP befor ...	CVSS3: 6.5	3% Низкий	больше 9 лет назад
CVE-2016-6291 The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image.	CVSS3: 9.8	10% Низкий	больше 9 лет назад
CVE-2016-6291 The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...	CVSS3: 9.8	10% Низкий	больше 9 лет назад
CVE-2016-6290 ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.	CVSS3: 9.8	8% Низкий	больше 9 лет назад

Уязвимостей на страницу