Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-11043 | 7.5 |
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p
|
16-07-2024 - 17:52 | 28-10-2019 - 15:15 | |
CVE-2016-5385 | 5.1 |
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacker
|
12-02-2023 - 23:23 | 19-07-2016 - 02:00 | |
CVE-2014-4698 | 4.6 |
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio
|
19-01-2023 - 16:35 | 10-07-2014 - 11:06 | |
CVE-2014-4721 | 2.6 |
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent
|
19-01-2023 - 16:14 | 06-07-2014 - 23:55 | |
CVE-2014-3710 | 5.0 |
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and appli
|
05-11-2022 - 02:10 | 05-11-2014 - 11:55 | |
CVE-2013-4113 | 6.8 |
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the
|
16-08-2022 - 13:29 | 13-07-2013 - 13:10 | |
CVE-2020-7066 | 4.3 |
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make in
|
08-05-2022 - 23:51 | 01-04-2020 - 04:15 | |
CVE-2019-9640 | 5.0 |
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
|
05-04-2022 - 20:48 | 09-03-2019 - 00:29 | |
CVE-2015-4643 | 7.5 |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ov
|
27-12-2019 - 16:08 | 16-05-2016 - 10:59 | |
CVE-2019-9024 | 5.0 |
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlr
|
18-06-2019 - 18:15 | 22-02-2019 - 23:29 | |
CVE-2013-6420 | 7.5 |
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec
|
30-10-2018 - 16:27 | 17-12-2013 - 04:46 | |
CVE-2017-7890 | 4.3 |
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitia
|
04-05-2018 - 01:29 | 02-08-2017 - 19:29 | |
CVE-2016-10168 | 6.8 |
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
|
04-05-2018 - 01:29 | 15-03-2017 - 15:59 | |
CVE-2016-5768 | 7.5 |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2012-2688 | 10.0 |
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
|
22-12-2017 - 02:29 | 20-07-2012 - 10:40 | |
CVE-2013-4248 | 4.3 |
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-
|
28-11-2016 - 19:09 | 18-08-2013 - 02:52 | |
CVE-2014-5120 | 6.4 |
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1)
|
26-10-2016 - 02:00 | 23-08-2014 - 01:55 |