PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2011-0420

почти 15 лет назад

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

CVSS2: 2.6

EPSS: Средний

CVE-2011-0708

почти 15 лет назад

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

CVSS2: 2.6

EPSS: Средний

CVE-2011-0755

около 15 лет назад

Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.

CVSS2: 5

EPSS: Низкий

CVE-2011-0755

около 15 лет назад

Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...

CVSS2: 5

EPSS: Низкий

CVE-2011-0754

около 15 лет назад

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

CVSS2: 4.4

EPSS: Низкий

CVE-2011-0754

около 15 лет назад

The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...

CVSS2: 4.4

EPSS: Низкий

CVE-2011-0753

около 15 лет назад

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.

CVSS2: 4.3

EPSS: Низкий

CVE-2011-0753

около 15 лет назад

Race condition in the PCNTL extension in PHP before 5.3.4, when a user ...

CVSS2: 4.3

EPSS: Низкий

CVE-2011-0752

около 15 лет назад

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.

CVSS2: 5

EPSS: Низкий

CVE-2011-0752

около 15 лет назад

The extract function in PHP before 5.2.15 does not prevent use of the ...

CVSS2: 5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2011-0420 The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.	CVSS2: 2.6	15% Средний	почти 15 лет назад
CVE-2011-0708 exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.	CVSS2: 2.6	16% Средний	почти 15 лет назад
CVE-2011-0755 Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.	CVSS2: 5	0% Низкий	около 15 лет назад
CVE-2011-0755 Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...	CVSS2: 5	0% Низкий	около 15 лет назад
CVE-2011-0754 The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.	CVSS2: 4.4	0% Низкий	около 15 лет назад
CVE-2011-0754 The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...	CVSS2: 4.4	0% Низкий	около 15 лет назад
CVE-2011-0753 Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.	CVSS2: 4.3	1% Низкий	около 15 лет назад
CVE-2011-0753 Race condition in the PCNTL extension in PHP before 5.3.4, when a user ...	CVSS2: 4.3	1% Низкий	около 15 лет назад
CVE-2011-0752 The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.	CVSS2: 5	1% Низкий	около 15 лет назад
CVE-2011-0752 The extract function in PHP before 5.2.15 does not prevent use of the ...	CVSS2: 5	1% Низкий	около 15 лет назад

Уязвимостей на страницу