PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2015-8616
Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array.
CVE-2015-8394
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8394
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditi ...
CVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
CVE-2015-8393
pcregrep in PCRE before 8.38 mishandles the -q option for binary files ...
CVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishan ...
CVE-2015-8390
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8390
PCRE before 8.38 mishandles the [: and \\ substrings in character clas ...
CVE-2015-8389
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-8616 Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. | CVSS2: 4.3 | 1% Низкий | около 10 лет назад |
 | CVE-2015-8394 PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | CVSS3: 9.8 | 4% Низкий | около 10 лет назад |
| CVE-2015-8394 PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditi ... | CVSS3: 9.8 | 4% Низкий | около 10 лет назад |
| CVE-2015-8393 pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. | CVSS3: 7.5 | 1% Низкий | около 10 лет назад |
| CVE-2015-8393 pcregrep in PCRE before 8.38 mishandles the -q option for binary files ... | CVSS3: 7.5 | 1% Низкий | около 10 лет назад |
| CVE-2015-8391 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | CVSS3: 9.8 | 9% Низкий | около 10 лет назад |
| CVE-2015-8391 The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishan ... | CVSS3: 9.8 | 9% Низкий | около 10 лет назад |
| CVE-2015-8390 PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | CVSS3: 9.8 | 4% Низкий | около 10 лет назад |
| CVE-2015-8390 PCRE before 8.38 mishandles the [: and \\ substrings in character clas ... | CVSS3: 9.8 | 4% Низкий | около 10 лет назад |
| CVE-2015-8389 PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | CVSS3: 9.8 | 3% Низкий | около 10 лет назад |
Уязвимостей на страницу