PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2015-8874

больше 9 лет назад

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8874

больше 9 лет назад

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remo ...

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8873

больше 9 лет назад

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8873

больше 9 лет назад

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP befor ...

CVSS3: 7.5

EPSS: Низкий

CVE-2015-8838

больше 9 лет назад

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.

CVSS3: 5.9

EPSS: Низкий

CVE-2015-8838

больше 9 лет назад

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ...

CVSS3: 5.9

EPSS: Низкий

CVE-2015-8835

больше 9 лет назад

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

CVSS3: 9.8

EPSS: Низкий

CVE-2015-8835

больше 9 лет назад

The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...

CVSS3: 9.8

EPSS: Низкий

CVE-2015-6838

больше 9 лет назад

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

CVSS3: 7.5

EPSS: Низкий

CVE-2015-6838

больше 9 лет назад

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2015-8874 Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.	CVSS3: 7.5	3% Низкий	больше 9 лет назад
CVE-2015-8874 Stack consumption vulnerability in GD in PHP before 5.6.12 allows remo ...	CVSS3: 7.5	3% Низкий	больше 9 лет назад
CVE-2015-8873 Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.	CVSS3: 7.5	2% Низкий	больше 9 лет назад
CVE-2015-8873 Stack consumption vulnerability in Zend/zend_exceptions.c in PHP befor ...	CVSS3: 7.5	2% Низкий	больше 9 лет назад
CVE-2015-8838 ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.	CVSS3: 5.9	1% Низкий	больше 9 лет назад
CVE-2015-8838 ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ...	CVSS3: 5.9	1% Низкий	больше 9 лет назад
CVE-2015-8835 The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.	CVSS3: 9.8	4% Низкий	больше 9 лет назад
CVE-2015-8835 The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...	CVSS3: 9.8	4% Низкий	больше 9 лет назад
CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.	CVSS3: 7.5	4% Низкий	больше 9 лет назад
CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...	CVSS3: 7.5	4% Низкий	больше 9 лет назад

Уязвимостей на страницу