Filtered by vendor Php
Subscribe
Search
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4644 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2019-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. | |||||
| CVE-2015-4605 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. | |||||
| CVE-2016-5766 | 6 Debian, Fedoraproject, Freebsd and 3 more | 7 Debian Linux, Fedora, Freebsd and 4 more | 2019-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | |||||
| CVE-2015-4604 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2019-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. | |||||
| CVE-2018-15132 | 2 Netapp, Php | 2 Storage Automation Store, Php | 2019-03-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | |||||
| CVE-2015-8867 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2019-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2018-19520 | 2 Php, Sdcms | 2 Php, Sdcms | 2019-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. | |||||
| CVE-2018-19395 | 1 Php | 1 Php | 2018-12-27 | 5.0 MEDIUM | 7.5 HIGH |
| ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). | |||||
| CVE-2016-4342 | 2 Opensuse, Php | 2 Leap, Php | 2018-10-30 | 8.3 HIGH | 8.8 HIGH |
| ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive. | |||||
| CVE-2015-8874 | 2 Opensuse, Php | 2 Leap, Php | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. | |||||
| CVE-2015-8873 | 2 Opensuse, Php | 2 Leap, Php | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls. | |||||
| CVE-2016-5399 | 1 Php | 1 Php | 2018-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. | |||||
| CVE-2015-8865 | 2 Apple, Php | 2 Mac Os X, Php | 2018-06-30 | 7.5 HIGH | 7.3 HIGH |
| The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. | |||||
| CVE-2017-11145 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist. | |||||
| CVE-2017-11628 | 1 Php | 1 Php | 2018-05-04 | 6.8 MEDIUM | 7.8 HIGH |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. | |||||
| CVE-2017-12934 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP. | |||||
| CVE-2016-9934 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. | |||||
| CVE-2016-9933 | 2 Libgd, Php | 2 Libgd, Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. | |||||
| CVE-2016-7418 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | |||||
| CVE-2016-7416 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. | |||||
| CVE-2016-7412 | 1 Php | 1 Php | 2018-05-04 | 6.8 MEDIUM | 8.1 HIGH |
| ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. | |||||
| CVE-2016-10158 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | |||||
| CVE-2017-9229 | 3 Oniguruma Project, Php, Ruby-lang | 3 Oniguruma, Php, Ruby | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | |||||
| CVE-2016-10159 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. | |||||
| CVE-2016-10161 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. | |||||
| CVE-2016-10162 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | |||||
| CVE-2017-11143 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. | |||||
| CVE-2017-11144 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. | |||||
| CVE-2017-7272 | 1 Php | 1 Php | 2018-02-26 | 5.8 MEDIUM | 7.4 HIGH |
| PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. | |||||
| CVE-2016-7478 | 1 Php | 1 Php | 2018-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | |||||
| CVE-2016-10397 | 1 Php | 1 Php | 2018-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). | |||||
| CVE-2017-11142 | 1 Php | 1 Php | 2018-01-14 | 7.8 HIGH | 7.5 HIGH |
| In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. | |||||
| CVE-2016-5767 | 2 Libgd, Php | 2 Libgd, Php | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. | |||||
| CVE-2016-7130 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | |||||
| CVE-2016-7125 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | |||||
| CVE-2016-6297 | 1 Php | 1 Php | 2018-01-05 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. | |||||
| CVE-2016-6289 | 1 Php | 1 Php | 2018-01-05 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. | |||||
| CVE-2016-5094 | 1 Php | 1 Php | 2018-01-05 | 7.5 HIGH | 8.6 HIGH |
| Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function. | |||||
| CVE-2016-4070 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." | |||||
| CVE-2016-5093 | 1 Php | 1 Php | 2018-01-05 | 7.5 HIGH | 8.6 HIGH |
| The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted locale_get_primary_language call. | |||||
| CVE-2015-8877 | 2 Libgd, Php | 2 Libgd, Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function. | |||||
| CVE-2015-8879 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table. | |||||
| CVE-2016-5096 | 1 Php | 1 Php | 2018-01-05 | 7.5 HIGH | 8.6 HIGH |
| Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument. | |||||
| CVE-2016-3142 | 2 Apple, Php | 2 Mac Os X, Php | 2018-01-05 | 6.4 MEDIUM | 8.2 HIGH |
| The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. | |||||
| CVE-2013-7456 | 2 Libgd, Php | 2 Libgd, Php | 2018-01-05 | 6.8 MEDIUM | 7.6 HIGH |
| gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image that is mishandled by the imagescale function. | |||||
| CVE-2015-6837 | 2 Php, Xmlsoft | 2 Php, Libxml2 | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. | |||||
| CVE-2015-5590 | 1 Php | 1 Php | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. | |||||
| CVE-2015-6831 | 1 Php | 1 Php | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. | |||||
| CVE-2015-6832 | 1 Php | 1 Php | 2017-11-04 | 7.5 HIGH | 7.3 HIGH |
| Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. | |||||
| CVE-2015-6833 | 1 Php | 1 Php | 2017-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. | |||||