PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2011-1464

больше 14 лет назад

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.

CVSS2: 2.1

EPSS: Низкий

CVE-2011-0420

больше 14 лет назад

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

CVSS2: 5

EPSS: Средний

CVE-2011-0420

больше 14 лет назад

The grapheme_extract function in the Internationalization extension (I ...

CVSS2: 5

EPSS: Средний

CVE-2011-0420

больше 14 лет назад

CVSS2: 5

EPSS: Средний

CVE-2011-0420

больше 14 лет назад

CVSS2: 2.6

EPSS: Средний

CVE-2011-0708

почти 15 лет назад

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

CVSS2: 2.6

EPSS: Средний

CVE-2011-0755

почти 15 лет назад

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

CVSS2: 5

EPSS: Низкий

CVE-2011-0755

почти 15 лет назад

Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...

CVSS2: 5

EPSS: Низкий

CVE-2011-0754

почти 15 лет назад

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

CVSS2: 4.4

EPSS: Низкий

CVE-2011-0754

почти 15 лет назад

The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...

CVSS2: 4.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2011-1464 Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument.	CVSS2: 2.1	1% Низкий	больше 14 лет назад
CVE-2011-0420 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.	CVSS2: 5	15% Средний	больше 14 лет назад
CVE-2011-0420 The grapheme_extract function in the Internationalization extension (I ...	CVSS2: 5	15% Средний	больше 14 лет назад
CVE-2011-0420 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.	CVSS2: 5	15% Средний	больше 14 лет назад
CVE-2011-0420 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.	CVSS2: 2.6	15% Средний	больше 14 лет назад
CVE-2011-0708 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.	CVSS2: 2.6	11% Средний	почти 15 лет назад
CVE-2011-0755 Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.	CVSS2: 5	0% Низкий	почти 15 лет назад
CVE-2011-0755 Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...	CVSS2: 5	0% Низкий	почти 15 лет назад
CVE-2011-0754 The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.	CVSS2: 4.4	0% Низкий	почти 15 лет назад
CVE-2011-0754 The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...	CVSS2: 4.4	0% Низкий	почти 15 лет назад

Уязвимостей на страницу