Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-11147 | 6.4 |
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile fu
|
20-07-2022 - 17:56 | 10-07-2017 - 14:29 | |
CVE-2017-7890 | 4.3 |
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitia
|
04-05-2018 - 01:29 | 02-08-2017 - 19:29 | |
CVE-2017-11143 | 5.0 |
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wdd
|
04-05-2018 - 01:29 | 10-07-2017 - 14:29 | |
CVE-2017-11145 | 5.0 |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/p
|
04-05-2018 - 01:29 | 10-07-2017 - 14:29 | |
CVE-2017-11144 | 5.0 |
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation c
|
04-05-2018 - 01:29 | 10-07-2017 - 14:29 | |
CVE-2017-11142 | 7.8 |
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
|
14-01-2018 - 02:29 | 10-07-2017 - 14:29 |