PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2015-8878

больше 9 лет назад

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

CVSS3: 5.9

EPSS: Низкий

CVE-2015-8878

больше 9 лет назад

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ...

CVSS3: 5.9

EPSS: Низкий

CVE-2015-8877

больше 9 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8877

больше 9 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ...

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8876

больше 9 лет назад

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.

CVSS3: 9.8

EPSS: Средний

CVE-2015-8876

больше 9 лет назад

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...

CVSS3: 9.8

EPSS: Средний

CVE-2015-8867

больше 9 лет назад

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS3: 7.5

EPSS: Средний

CVE-2015-8867

больше 9 лет назад

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...

CVSS3: 7.5

EPSS: Средний

CVE-2015-8866

больше 9 лет назад

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.

CVSS3: 9.6

EPSS: Низкий

CVE-2015-8866

больше 9 лет назад

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...

CVSS3: 9.6

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2015-8878 main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.	CVSS3: 5.9	0% Низкий	больше 9 лет назад
CVE-2015-8878 main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ...	CVSS3: 5.9	0% Низкий	больше 9 лет назад
CVE-2015-8877 The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.	CVSS3: 7.5	2% Низкий	больше 9 лет назад
CVE-2015-8877 The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ...	CVSS3: 7.5	2% Низкий	больше 9 лет назад
CVE-2015-8876 Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.	CVSS3: 9.8	13% Средний	больше 9 лет назад
CVE-2015-8876 Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...	CVSS3: 9.8	13% Средний	больше 9 лет назад
CVE-2015-8867 The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.	CVSS3: 7.5	13% Средний	больше 9 лет назад
CVE-2015-8867 The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...	CVSS3: 7.5	13% Средний	больше 9 лет назад
CVE-2015-8866 ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.	CVSS3: 9.6	3% Низкий	больше 9 лет назад
CVE-2015-8866 ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...	CVSS3: 9.6	3% Низкий	больше 9 лет назад

Уязвимостей на страницу