PHP is a popular general-purpose scripting language that is especially well suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3,867
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Low | more than 11 years ago |
| CVE-2014-3515 The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. | CVSS2: 7.5 | 37% Medium | more than 11 years ago |
| CVE-2014-3487 The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | CVSS2: 4.3 | 19% Medium | more than 11 years ago |
| CVE-2014-3480 The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | CVSS2: 4.3 | 10% Medium | more than 11 years ago |
| CVE-2014-3479 The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. | CVSS2: 4.3 | 10% Medium | more than 11 years ago |
| CVE-2014-3478 Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. | CVSS2: 5 | 44% Medium | more than 11 years ago |