Vulnerabilities (CVE)

Vendor filter

Php Subscribe

Filter

249 total CVE
CVE Vendors Products Updated CVSS
CVE-2015-2301 7 Apple, Php, Canonical and 4 more 12 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more 2019-10-09 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...
CVE-2017-12933 1 Php 1 Php 2019-10-03 7.5
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an...
CVE-2016-7398 1 Php 1 Ext-http 2019-09-20 7.5
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary...
CVE-2018-7584 4 Php, Ubuntu, Canonical and 1 more 4 Php, Ubuntu, Ubuntu Linux and 1 more 2019-08-19 7.5
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c....
CVE-2017-9120 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 7.5
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.
CVE-2019-9641 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9023 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid...
CVE-2019-9021 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated...
CVE-2019-9020 5 Php, Debian, Canonical and 2 more 5 Php, Debian Linux, Ubuntu Linux and 2 more 2019-06-18 7.5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is...
CVE-2007-1864 4 Php, Canonical, Debian and 1 more 5 Php, Ubuntu Linux, Debian Linux and 2 more 2019-05-22 7.5
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.
CVE-2017-11362 1 Php 1 Php 2019-05-22 7.5
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly...
CVE-2019-11037 1 Php 1 Imagick 2019-05-16 7.5
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to...
CVE-2015-4643 4 Php, Redhat, Debian and 1 more 12 Enterprise Linux Desktop, Enterprise Linux, Php and 9 more 2019-05-10 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based...
CVE-2015-4022 3 Apple, Php, Redhat 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more 2019-04-22 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer...
CVE-2015-3329 4 Apple, Php, Oracle and 1 more 11 Linux, Enterprise Linux Desktop, Enterprise Linux and 8 more 2019-04-22 7.5
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar,...
CVE-2015-4025 3 Apple, Php, Redhat 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more 2019-04-22 7.5
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories...
CVE-2015-3307 3 Apple, Php, Redhat 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more 2019-04-22 7.5
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a...
CVE-2015-4026 3 Apple, Php, Redhat 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more 2019-04-22 7.5
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute...
CVE-2015-4603 2 Php, Redhat 8 Enterprise Linux Desktop, Enterprise Linux, Php and 5 more 2019-04-22 10.0
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4602 2 Php, Redhat 8 Enterprise Linux Desktop, Enterprise Linux, Php and 5 more 2019-04-22 10.0
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code...