PHP

PHP is a popular general-purpose scripting language, especially suited to web development.

Release cycle, vulnerability information

Product: PHP
Vendor: php

Release schedule

[Chart: release timeline for PHP 8.2, 8.3, 8.4 and 8.5; year axis 2022 to 2030]

Recent PHP vulnerabilities

Count: 3 883


CVE-2015-2348 (debian)
The move_uploaded_file implementation in ext/standard/basic_functions. ...
CVSS2: 5
EPSS: 7% (Low)
Published: almost 11 years ago

CVE-2015-2331 (nvd)
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
CVSS2: 7.5
EPSS: 43% (Medium)
Published: almost 11 years ago

CVE-2015-2331 (debian)
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libz ...
CVSS2: 7.5
EPSS: 43% (Medium)
Published: almost 11 years ago

CVE-2015-2305 (nvd)
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
CVSS2: 6.8
EPSS: 30% (Medium)
Published: almost 11 years ago

CVE-2015-2305 (debian)
Integer overflow in the regcomp implementation in the Henry Spencer BS ...
CVSS2: 6.8
EPSS: 30% (Medium)
Published: almost 11 years ago

CVE-2015-2301 (nvd)
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.
CVSS2: 7.5
EPSS: 13% (Medium)
Published: almost 11 years ago

CVE-2015-2301 (debian)
Use-after-free vulnerability in the phar_rename_archive function in ph ...
CVSS2: 7.5
EPSS: 13% (Medium)
Published: almost 11 years ago

CVE-2015-1352 (nvd)
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
CVSS2: 5
EPSS: 31% (Medium)
Published: almost 11 years ago

CVE-2015-1352 (debian)
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...
CVSS2: 5
EPSS: 31% (Medium)
Published: almost 11 years ago

CVE-2015-1351 (nvd)
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVSS2: 7.5
EPSS: 19% (Medium)
Published: almost 11 years ago
