PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
CVE-2015-0232
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
CVE-2015-0232
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4 ...
CVE-2015-0232
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.
CVE-2015-0231
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
CVE-2015-0231
Use-after-free vulnerability in the process_nested_data function in ex ...
CVE-2015-0231
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
CVE-2015-0235
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
BDU:2022-02653
Уязвимость функции process_nested_data интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код
BDU:2022-02652
Уязвимость функции exif_process_unicode (ext/exif/exif.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2015-0235 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." | CVSS2: 10 | 87% Высокий | около 11 лет назад |
 | CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. | CVSS2: 6.8 | 68% Средний | около 11 лет назад |
| CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4 ... | CVSS2: 6.8 | 68% Средний | около 11 лет назад |
| CVE-2015-0232 The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. | CVSS2: 6.8 | 68% Средний | около 11 лет назад |
| CVE-2015-0231 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. | CVSS2: 7.5 | 87% Высокий | около 11 лет назад |
| CVE-2015-0231 Use-after-free vulnerability in the process_nested_data function in ex ... | CVSS2: 7.5 | 87% Высокий | около 11 лет назад |
| CVE-2015-0231 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. | CVSS2: 7.5 | 87% Высокий | около 11 лет назад |
 | CVE-2015-0235 Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." | CVSS2: 6.8 | 87% Высокий | около 11 лет назад |
 | BDU:2022-02653 Уязвимость функции process_nested_data интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.3 | 87% Высокий | около 11 лет назад |
| BDU:2022-02652 Уязвимость функции exif_process_unicode (ext/exif/exif.c) интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании | CVSS3: 7.3 | 68% Средний | около 11 лет назад |
Уязвимостей на страницу