Vulnerabilities (CVE)

Vendor: Php

609 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2015-8867 | 2 vendors: Php, Canonical | 2 products: Php, Ubuntu Linux | 2019-02-14 | 5.0
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to...
CVE-2015-8866 | 2 vendors: Php, Canonical | 2 products: Php, Ubuntu Linux | 2019-02-14 | 6.8
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and...
CVE-2015-8876 | 1 vendor: Php | 1 product: Php | 2019-02-14 | 7.5
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or...
CVE-2015-8878 | 1 vendor: Php | 1 product: Php | 2019-02-14 | 7.1
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that...
CVE-2018-1000888 | 3 vendors: Php, Canonical, Debian | 3 products: Pear Archive Tar, Ubuntu Linux, Debian Linux | 2019-02-12 | 6.8
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract...
CVE-2019-6977 | 3 vendors: Libgd, Php, Debian | 3 products: Libgd, Php, Debian Linux | 2019-02-08 | 6.8
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow....
CVE-2015-2301 | 7 vendors: Apple, Php, Canonical and 4 more | 12 products: Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 9 more | 2019-02-05 | 7.5
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger...
CVE-2015-1352 | 2 vendors: Apple, Php | 2 products: Mac Os X, Php | 2019-02-04 | 5.0
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and...
CVE-2015-1351 | 3 vendors: Apple, Oracle, Php | 5 products: Solaris, Mac Os X, Php and 2 more | 2019-02-04 | 7.5
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2018-19518 | 3 vendors: Php, University Of Washington, Debian | 3 products: Php, Uw-imap, Debian Linux | 2019-02-04 | 8.5
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without...
CVE-2018-19520 | 2 vendors: Php, Sdcms | 2 products: Php, Sdcms | 2019-02-04 | 6.5
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to...
CVE-2014-9709 | 6 vendors: Libgd, Php, Novell and 3 more | 6 products: Php, Libgd, Opensuse and 3 more | 2019-02-01 | 5.0
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is...
CVE-2018-5711 | 1 vendor: Php | 1 product: Php | 2019-01-31 | 4.3
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as...
CVE-2006-7086 | 2 vendors: Php, Mrcgiguy | 2 products: Php Perl Hot Links, Php Perl Hot Links | 2019-01-02 | 4.3
The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.
CVE-2018-19396 | 1 vendor: Php | 1 product: Php | 2019-01-02 | 5.0
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
CVE-2018-19935 | 2 vendors: Php, Debian | 2 products: Php, Debian Linux | 2018-12-31 | 5.0
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVE-2018-19395 | 1 vendor: Php | 1 product: Php | 2018-12-27 | 5.0
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in...
CVE-2018-17082 | 2 vendors: Php, Debian | 2 products: Php, Debian Linux | 2018-12-11 | 4.3
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function...
CVE-2018-14883 | 3 vendors: Php, Canonical, Debian | 3 products: Php, Ubuntu Linux, Debian Linux | 2018-12-11 | 5.0
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
CVE-2018-14851 | 3 vendors: Php, Canonical, Debian | 3 products: Php, Ubuntu Linux, Debian Linux | 2018-12-11 | 4.3
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...