PHP

714 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 1.01%
  • Published 20.05.2016 10:59:00
  • Last modified 12.04.2025 10:46:40

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a de...

  • EPSS 2.43%
  • Published 16.05.2016 10:59:27
  • Last modified 12.04.2025 10:46:40

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (...

Exploit
  • EPSS 10.28%
  • Published 16.05.2016 10:59:26
  • Last modified 12.04.2025 10:46:40

Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive...

Exploit
  • EPSS 3.78%
  • Published 16.05.2016 10:59:25
  • Last modified 12.04.2025 10:46:40

Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.

Exploit
  • EPSS 2.79%
  • Published 16.05.2016 10:59:24
  • Last modified 12.04.2025 10:46:40

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.

  • EPSS 0.66%
  • Published 16.05.2016 10:59:23
  • Last modified 12.04.2025 10:46:40

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issu...

  • EPSS 4.05%
  • Published 16.05.2016 10:59:22
  • Last modified 12.04.2025 10:46:40

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type ...

  • EPSS 3.8%
  • Published 16.05.2016 10:59:21
  • Last modified 12.04.2025 10:46:40

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

  • EPSS 3.8%
  • Published 16.05.2016 10:59:20
  • Last modified 12.04.2025 10:46:40

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...

  • EPSS 21.3%
  • Published 16.05.2016 10:59:19
  • Last modified 12.04.2025 10:46:40

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafte...