PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ...
CVE-2015-8835
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.
CVE-2015-8835
The make_http_soap_request function in ext/soap/php_http.c in PHP befo ...
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
CVE-2015-6837
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.
CVE-2015-6837
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
CVE-2015-6835
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
CVE-2015-6835
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-8838 ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. | CVSS3: 5.9 | 1% Низкий | больше 9 лет назад |
| CVE-2015-8838 ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5 ... | CVSS3: 5.9 | 1% Низкий | больше 9 лет назад |
| CVE-2015-8835 The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c. | CVSS3: 9.8 | 4% Низкий | больше 9 лет назад |
| CVE-2015-8835 The make_http_soap_request function in ext/soap/php_http.c in PHP befo ... | CVSS3: 9.8 | 4% Низкий | больше 9 лет назад |
| CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | CVSS3: 7.5 | 4% Низкий | больше 9 лет назад |
| CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... | CVSS3: 7.5 | 4% Низкий | больше 9 лет назад |
| CVE-2015-6837 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. | CVSS3: 7.5 | 4% Низкий | больше 9 лет назад |
| CVE-2015-6837 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... | CVSS3: 7.5 | 4% Низкий | больше 9 лет назад |
| CVE-2015-6835 The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. | CVSS3: 9.8 | 21% Средний | больше 9 лет назад |
| CVE-2015-6835 The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ... | CVSS3: 9.8 | 21% Средний | больше 9 лет назад |
Уязвимостей на страницу