PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2015-8879

почти 10 лет назад

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8879

почти 10 лет назад

The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8878

почти 10 лет назад

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.

CVSS3: 5.9

EPSS: Низкий

CVE-2015-8878

почти 10 лет назад

main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ...

CVSS3: 5.9

EPSS: Низкий

CVE-2015-8877

почти 10 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8877

почти 10 лет назад

The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ...

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8876

почти 10 лет назад

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.

CVSS3: 9.8

EPSS: Средний

CVE-2015-8876

почти 10 лет назад

Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...

CVSS3: 9.8

EPSS: Средний

CVE-2015-8867

почти 10 лет назад

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.

CVSS3: 7.5

EPSS: Средний

CVE-2015-8867

почти 10 лет назад

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...

CVSS3: 7.5

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2015-8879 The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.	CVSS3: 7.5	2% Низкий	почти 10 лет назад
CVE-2015-8879 The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...	CVSS3: 7.5	2% Низкий	почти 10 лет назад
CVE-2015-8878 main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.	CVSS3: 5.9	0% Низкий	почти 10 лет назад
CVE-2015-8878 main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5 ...	CVSS3: 5.9	0% Низкий	почти 10 лет назад
CVE-2015-8877 The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.	CVSS3: 7.5	2% Низкий	почти 10 лет назад
CVE-2015-8877 The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graph ...	CVSS3: 7.5	2% Низкий	почти 10 лет назад
CVE-2015-8876 Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method execution via crafted serialized data.	CVSS3: 9.8	12% Средний	почти 10 лет назад
CVE-2015-8876 Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...	CVSS3: 9.8	12% Средний	почти 10 лет назад
CVE-2015-8867 The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.	CVSS3: 7.5	13% Средний	почти 10 лет назад
CVE-2015-8867 The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...	CVSS3: 7.5	13% Средний	почти 10 лет назад

Уязвимостей на страницу