PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2016-7412

почти 10 лет назад

ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.

CVSS3: 4.2

EPSS: Низкий

CVE-2016-5116

почти 10 лет назад

gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.

CVSS2: 4.3

EPSS: Низкий

CVE-2016-4544

почти 10 лет назад

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4544

почти 10 лет назад

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4543

почти 10 лет назад

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4543

почти 10 лет назад

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4542

почти 10 лет назад

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4542

почти 10 лет назад

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4541

почти 10 лет назад

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

CVSS3: 9.8

EPSS: Низкий

CVE-2016-4541

почти 10 лет назад

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.	CVSS3: 4.2	2% Низкий	почти 10 лет назад
CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.	CVSS2: 4.3	2% Низкий	почти 10 лет назад
CVE-2016-4544 The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.	CVSS3: 9.8	4% Низкий	почти 10 лет назад
CVE-2016-4544 The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP befor ...	CVSS3: 9.8	4% Низкий	почти 10 лет назад
CVE-2016-4543 The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.	CVSS3: 9.8	5% Низкий	почти 10 лет назад
CVE-2016-4543 The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...	CVSS3: 9.8	5% Низкий	почти 10 лет назад
CVE-2016-4542 The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data.	CVSS3: 9.8	1% Низкий	почти 10 лет назад
CVE-2016-4542 The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5 ...	CVSS3: 9.8	1% Низкий	почти 10 лет назад
CVE-2016-4541 The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.	CVSS3: 9.8	2% Низкий	почти 10 лет назад
CVE-2016-4541 The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...	CVSS3: 9.8	2% Низкий	почти 10 лет назад

Уязвимостей на страницу