Php

711 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 2.92%
  • Published 16.05.2016 10:59:25
  • Last modified 12.04.2025 10:46:40

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

Exploit
  • EPSS 2.79%
  • Published 16.05.2016 10:59:24
  • Last modified 12.04.2025 10:46:40

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

  • EPSS 0.66%
  • Published 16.05.2016 10:59:23
  • Last modified 12.04.2025 10:46:40

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issu...

  • EPSS 4.05%
  • Published 16.05.2016 10:59:22
  • Last modified 12.04.2025 10:46:40

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type ...

  • EPSS 3.79%
  • Published 16.05.2016 10:59:21
  • Last modified 12.04.2025 10:46:40

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

  • EPSS 3.79%
  • Published 16.05.2016 10:59:20
  • Last modified 12.04.2025 10:46:40

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

  • EPSS 20.13%
  • Published 16.05.2016 10:59:19
  • Last modified 12.04.2025 10:46:40

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafte...

  • EPSS 40.28%
  • Published 16.05.2016 10:59:18
  • Last modified 12.04.2025 10:46:40

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3)...

  • EPSS 10.38%
  • Published 16.05.2016 10:59:17
  • Last modified 12.04.2025 10:46:40

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (seg...

  • EPSS 4.23%
  • Published 16.05.2016 10:59:16
  • Last modified 12.04.2025 10:46:40

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a d...