PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
BDU:2015-00367
Уязвимость программного обеспечения PHP, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ...
CVE-2014-4698
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.
CVE-2014-4670
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.
CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
CVE-2014-3515
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ...
CVE-2014-3487
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2015-00367 Уязвимость программного обеспечения PHP, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ... | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4670 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4670 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL compon ... | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-4698 Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-4670 Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. | CVSS2: 4.6 | 0% Низкий | больше 11 лет назад |
| CVE-2014-3515 The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. | CVSS2: 7.5 | 61% Средний | больше 11 лет назад |
| CVE-2014-3515 The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorre ... | CVSS2: 7.5 | 61% Средний | больше 11 лет назад |
| CVE-2014-3487 The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. | CVSS2: 4.3 | 19% Средний | больше 11 лет назад |
Уязвимостей на страницу