PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
BDU:2022-02602
Уязвимость функции rshutdown интерпретатора языка программирования PHP , позволяющая нарушителю читать произвольные файлы
CVE-2014-1943
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
CVE-2013-7328
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226.
CVE-2013-7226
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow.
CVE-2013-7327
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226.
CVE-2014-2020
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
BDU:2015-09882
Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику получить доступ к области памяти за пределами границ приложения или вызвать аварийное завершение приложения
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2022-02602 Уязвимость функции rshutdown интерпретатора языка программирования PHP , позволяющая нарушителю читать произвольные файлы | CVSS3: 3.7 | 0% Низкий | около 12 лет назад |
 | CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. | CVSS2: 4.3 | 21% Средний | около 12 лет назад |
| CVE-2013-7328 Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226. | CVSS2: 6.8 | 1% Низкий | около 12 лет назад |
| CVE-2013-7226 Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow. | CVSS2: 6.8 | 10% Средний | около 12 лет назад |
| CVE-2013-7327 The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. | CVSS2: 6.8 | 1% Низкий | около 12 лет назад |
| CVE-2014-2020 ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | CVSS2: 6.8 | 0% Низкий | около 12 лет назад |
| BDU:2015-09882 Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику получить доступ к области памяти за пределами границ приложения или вызвать аварийное завершение приложения | CVSS2: 5 | 6% Низкий | около 12 лет назад |
| CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | CVSS2: 4.3 | 27% Средний | больше 12 лет назад |
 | CVE-2013-6420 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function. | CVSS2: 7.5 | 40% Средний | больше 12 лет назад |
| CVE-2013-6420 The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ... | CVSS2: 7.5 | 40% Средний | больше 12 лет назад |
Уязвимостей на страницу