PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
BDU:2022-02651
Уязвимость функции object_custom интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2022-02643
Уязвимость функции mkgmtime (libxmlrpc/xmlrpc.c) интерпретатора языка программирования PHP, позволяющая нарушителю
BDU:2022-02650
Уязвимость расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
CVE-2014-3710
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
CVE-2014-3670
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.
CVE-2014-3668
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.
CVE-2014-3622
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.
CVE-2014-5459
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
CVE-2014-5459
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ...
CVE-2014-5459
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2022-02651 Уязвимость функции object_custom интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код | CVSS3: 7.3 | 67% Средний | больше 11 лет назад |
| BDU:2022-02643 Уязвимость функции mkgmtime (libxmlrpc/xmlrpc.c) интерпретатора языка программирования PHP, позволяющая нарушителю | CVSS3: 7.5 | 1% Низкий | больше 11 лет назад |
| BDU:2022-02650 Уязвимость расширения EXIF интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании | CVSS3: 7.3 | 36% Средний | больше 11 лет назад |
 | CVE-2014-3710 The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. | CVSS2: 4.3 | 8% Низкий | больше 11 лет назад |
| CVE-2014-3670 The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. | CVSS2: 6.8 | 36% Средний | больше 11 лет назад |
| CVE-2014-3668 Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. | CVSS2: 4.3 | 1% Низкий | больше 11 лет назад |
| CVE-2014-3622 Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | CVSS2: 5.1 | 2% Низкий | больше 11 лет назад |
 | CVE-2014-5459 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | CVSS2: 3.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-5459 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows lo ... | CVSS2: 3.6 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-5459 The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | CVSS2: 3.6 | 0% Низкий | больше 11 лет назад |
Уязвимостей на страницу