PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2011-1464

почти 15 лет назад

Buffer overflow in the strval function in PHP before 5.3.6, when the p ...

CVSS2: 4.3

EPSS: Низкий

CVE-2011-0708

почти 15 лет назад

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

CVSS2: 4.3

EPSS: Средний

CVE-2011-0708

почти 15 лет назад

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ...

CVSS2: 4.3

EPSS: Средний

CVE-2011-0421

почти 15 лет назад

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-0421

почти 15 лет назад

The _zip_name_locate function in zip_name_locate.c in the Zip extensio ...

CVSS2: 4.3

EPSS: Низкий

CVE-2011-1464

почти 15 лет назад

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-0708

почти 15 лет назад

CVSS2: 4.3

EPSS: Средний

CVE-2011-1467

почти 15 лет назад

Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

CVSS2: 5

EPSS: Низкий

CVE-2011-1470

почти 15 лет назад

The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-1469

почти 15 лет назад

Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.

CVSS2: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2011-1464 Buffer overflow in the strval function in PHP before 5.3.6, when the p ...	CVSS2: 4.3	1% Низкий	почти 15 лет назад
CVE-2011-0708 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.	CVSS2: 4.3	16% Средний	почти 15 лет назад
CVE-2011-0708 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ...	CVSS2: 4.3	16% Средний	почти 15 лет назад
CVE-2011-0421 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.	CVSS2: 4.3	8% Низкий	почти 15 лет назад
CVE-2011-0421 The _zip_name_locate function in zip_name_locate.c in the Zip extensio ...	CVSS2: 4.3	8% Низкий	почти 15 лет назад
CVE-2011-1464 Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.	CVSS2: 4.3	1% Низкий	почти 15 лет назад
CVE-2011-0708 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.	CVSS2: 4.3	16% Средний	почти 15 лет назад
CVE-2011-1467 Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.	CVSS2: 5	6% Низкий	почти 15 лет назад
CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.	CVSS2: 4.3	3% Низкий	почти 15 лет назад
CVE-2011-1469 Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.	CVSS2: 4.3	6% Низкий	почти 15 лет назад

Уязвимостей на страницу