PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.
CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
CVE-2015-6837
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838.
CVE-2015-6837
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ...
CVE-2015-6835
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
CVE-2015-6835
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ...
CVE-2015-6834
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
CVE-2015-6834
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ...
CVE-2015-5589
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call.
CVE-2015-5589
The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | CVSS3: 7.5 | 4% Низкий | почти 10 лет назад |
| CVE-2015-6838 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... | CVSS3: 7.5 | 4% Низкий | почти 10 лет назад |
| CVE-2015-6837 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. | CVSS3: 7.5 | 4% Низкий | почти 10 лет назад |
| CVE-2015-6837 The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP be ... | CVSS3: 7.5 | 4% Низкий | почти 10 лет назад |
| CVE-2015-6835 The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. | CVSS3: 9.8 | 21% Средний | почти 10 лет назад |
| CVE-2015-6835 The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, an ... | CVSS3: 9.8 | 21% Средний | почти 10 лет назад |
| CVE-2015-6834 Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. | CVSS3: 9.8 | 37% Средний | почти 10 лет назад |
| CVE-2015-6834 Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ... | CVSS3: 9.8 | 37% Средний | почти 10 лет назад |
| CVE-2015-5589 The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. | CVSS3: 9.8 | 10% Средний | почти 10 лет назад |
| CVE-2015-5589 The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ... | CVSS3: 9.8 | 10% Средний | почти 10 лет назад |
Уязвимостей на страницу