CVE-2013-6420
- EPSS 35.64%
- Veröffentlicht 17.12.2013 04:46:45
- Zuletzt bearbeitet 29.04.2026 01:13:23
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to exec...
- EPSS 4.58%
- Veröffentlicht 28.11.2013 04:37:39
- Zuletzt bearbeitet 29.04.2026 01:13:23
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted inte...
CVE-2013-1824
- EPSS 4.31%
- Veröffentlicht 16.09.2013 13:02:34
- Zuletzt bearbeitet 29.04.2026 01:13:23
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity...
CVE-2013-4248
- EPSS 3.59%
- Veröffentlicht 18.08.2013 02:52:23
- Zuletzt bearbeitet 29.04.2026 01:13:23
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-...
CVE-2011-4718
- EPSS 3.6%
- Veröffentlicht 13.08.2013 15:04:18
- Zuletzt bearbeitet 29.04.2026 01:13:23
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
CVE-2013-4113
- EPSS 5.19%
- Veröffentlicht 13.07.2013 13:10:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the...
- EPSS 4.23%
- Veröffentlicht 21.06.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish ...
CVE-2013-4636
- EPSS 1.98%
- Veröffentlicht 21.06.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type ...
- EPSS 6.75%
- Veröffentlicht 21.06.2013 20:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp...
- EPSS 2.83%
- Veröffentlicht 31.05.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafte...