Логотип exploitDog
product: "php"
Консоль
Логотип exploitDog

exploitDog

product: "php"
PHP

PHPпопулярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP
Вендор: php

График релизов

8.18.28.38.4202120222023202420252026202720282029

Недавние уязвимости PHP

Количество 3 799

nvd логотип

CVE-2009-3291

почти 16 лет назад

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS2: 7.5
EPSS: Низкий
debian логотип

CVE-2009-3291

почти 16 лет назад

The php_openssl_apply_verification_policy function in PHP before 5.2.1 ...

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-3291

почти 16 лет назад

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-3294

почти 16 лет назад

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2009-3293

почти 16 лет назад

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-3292

почти 16 лет назад

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."

CVSS2: 7.5
EPSS: Низкий
redhat логотип

CVE-2009-3292

почти 16 лет назад

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."

CVSS2: 4.3
EPSS: Низкий
redhat логотип

CVE-2009-3293

почти 16 лет назад

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

CVSS2: 4.3
EPSS: Низкий
redhat логотип

CVE-2009-3291

почти 16 лет назад

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2008-7068

почти 16 лет назад

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

CVSS2: 6.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2009-3291

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS2: 7.5
2%
Низкий
почти 16 лет назад
debian логотип
CVE-2009-3291

The php_openssl_apply_verification_policy function in PHP before 5.2.1 ...

CVSS2: 7.5
2%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2009-3291

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS2: 7.5
2%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2009-3294

The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" string in the second argument (aka mode), possibly related to the _fdopen function in the Microsoft C runtime library. NOTE: this might not cross privilege boundaries except in rare cases in which the mode argument is accessible to an attacker outside of an application that uses the popen function.

CVSS2: 5
1%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2009-3293

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

CVSS2: 7.5
2%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2009-3292

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."

CVSS2: 7.5
4%
Низкий
почти 16 лет назад
redhat логотип
CVE-2009-3292

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."

CVSS2: 4.3
4%
Низкий
почти 16 лет назад
redhat логотип
CVE-2009-3293

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."

CVSS2: 4.3
2%
Низкий
почти 16 лет назад
redhat логотип
CVE-2009-3291

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

CVSS2: 2.6
2%
Низкий
почти 16 лет назад
nvd логотип
CVE-2008-7068

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

CVSS2: 6.4
1%
Низкий
почти 16 лет назад

Уязвимостей на страницу


Поделиться