PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2014-5120
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
CVE-2014-3597
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
BDU:2015-00366
Уязвимость программного обеспечения PHP, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-00373
Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
BDU:2015-00367
Уязвимость программного обеспечения PHP, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ...
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-5120 gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. | CVSS2: 4.3 | 8% Низкий | больше 11 лет назад |
| CVE-2014-3597 Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. | CVSS2: 2.6 | 6% Низкий | больше 11 лет назад |
 | BDU:2015-00366 Уязвимость программного обеспечения PHP, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| BDU:2015-00373 Уязвимость программного обеспечения PHP, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации | CVSS2: 4.3 | 12% Средний | больше 11 лет назад |
| BDU:2015-00367 Уязвимость программного обеспечения PHP, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ... | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4670 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4670 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ... | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-4670 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
Уязвимостей на страницу