PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
BDU:2022-02618
Уязвимость подсистемы sessions интерпретатора языка программирования PHP, позволяющая нарушителю перехватить сессию пользователя
CVE-2013-2220
Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2013-2220
Buffer overflow in the radius_get_vendor_attr function in the Radius e ...
CVE-2013-2220
Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.
CVE-2013-4113
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
CVE-2013-4113
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-4113
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
CVE-2013-4113
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
CVE-2013-4636
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
CVE-2013-4636
The mget function in libmagic/softmagic.c in the Fileinfo component in ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2022-02618 Уязвимость подсистемы sessions интерпретатора языка программирования PHP, позволяющая нарушителю перехватить сессию пользователя | CVSS3: 5.6 | 1% Низкий | больше 12 лет назад |
 | CVE-2013-2220 Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value. | CVSS2: 7.5 | 3% Низкий | больше 12 лет назад |
| CVE-2013-2220 Buffer overflow in the radius_get_vendor_attr function in the Radius e ... | CVSS2: 7.5 | 3% Низкий | больше 12 лет назад |
 | CVE-2013-2220 Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value. | CVSS2: 7.5 | 3% Низкий | больше 12 лет назад |
| CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | CVSS2: 6.8 | 19% Средний | больше 12 лет назад |
| CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ... | CVSS2: 6.8 | 19% Средний | больше 12 лет назад |
| CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | CVSS2: 6.8 | 19% Средний | больше 12 лет назад |
 | CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. | CVSS2: 6.8 | 19% Средний | больше 12 лет назад |
| CVE-2013-4636 The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. | CVSS2: 4.3 | 0% Низкий | почти 13 лет назад |
| CVE-2013-4636 The mget function in libmagic/softmagic.c in the Fileinfo component in ... | CVSS2: 4.3 | 0% Низкий | почти 13 лет назад |
Уязвимостей на страницу