Vulnerabilities (CVE)

Vendor: Php

633 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2015-4644 | 2 Php, Redhat | 2 Enterprise Linux, Php | 2019-04-22 | 5.0
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause...
CVE-2015-4021 | 3 Apple, Php, Redhat | 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more | 2019-04-22 | 5.0
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause...
CVE-2015-4603 | 2 Php, Redhat | 8 Enterprise Linux Desktop, Enterprise Linux, Php and 5 more | 2019-04-22 | 10.0
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
CVE-2015-4598 | 2 Php, Redhat | 8 Enterprise Linux Desktop, Enterprise Linux, Php and 5 more | 2019-04-22 | 7.5
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a...
CVE-2015-3411 | 2 Php, Redhat | 8 Enterprise Linux Desktop, Enterprise Linux, Php and 5 more | 2019-04-22 | 6.4
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a...
CVE-2015-4025 | 3 Apple, Php, Redhat | 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more | 2019-04-22 | 7.5
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories...
CVE-2015-4026 | 3 Apple, Php, Redhat | 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more | 2019-04-22 | 7.5
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute...
CVE-2015-3330 | 4 Apple, Php, Oracle and 1 more | 11 Linux, Enterprise Linux Desktop, Enterprise Linux and 8 more | 2019-04-22 | 6.8
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash)...
CVE-2015-4022 | 3 Apple, Php, Redhat | 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more | 2019-04-22 | 7.5
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer...
CVE-2015-3307 | 3 Apple, Php, Redhat | 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more | 2019-04-22 | 7.5
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a...
CVE-2015-4024 | 5 Hp, Apple, Php and 2 more | 12 Linux, Enterprise Linux Desktop, Enterprise Linux and 9 more | 2019-04-22 | 5.0
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted...
CVE-2015-2783 | 3 Apple, Php, Redhat | 9 Enterprise Linux Desktop, Enterprise Linux, Php and 6 more | 2019-04-22 | 5.8
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted...
CVE-2017-8923 | 1 Php | 1 Php | 2019-04-16 | 7.5
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly...
CVE-2019-6977 | 5 Libgd, Php, Debian and 2 more | 5 Libgd, Php, Debian Linux and 2 more | 2019-04-10 | 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow....
CVE-2017-9119 | 2 Php, Netapp | 3 Php, Clustered Data Ontap, Storage Automation Store | 2019-03-19 | 7.5
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data...
CVE-2018-12882 | 3 Php, Canonical, Netapp | 3 Php, Ubuntu Linux, Storage Automation Store | 2019-03-12 | 7.5
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through...
CVE-2018-15132 | 2 Php, Netapp | 2 Php, Storage Automation Store | 2019-03-08 | 5.0
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find...
CVE-2016-7568 | 3 Libgd, Php, Debian | 3 Libgd, Php, Debian Linux | 2019-03-07 | 7.5
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have...
CVE-2018-14883 | 4 Php, Canonical, Debian and 1 more | 4 Php, Ubuntu Linux, Debian Linux and 1 more | 2019-03-05 | 5.0
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
CVE-2018-1000888 | 3 Php, Canonical, Debian | 3 Pear Archive Tar, Ubuntu Linux, Debian Linux | 2019-03-05 | 6.8
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract...