CVE-2011-1468
- EPSS 13.21%
- Veröffentlicht 20.03.2011 02:00:04
- Zuletzt bearbeitet 16.06.2026 23:29:24
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt fun...
CVE-2011-1469
- EPSS 4.32%
- Veröffentlicht 20.03.2011 02:00:04
- Zuletzt bearbeitet 16.06.2026 23:29:24
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.
CVE-2011-1470
- EPSS 9.52%
- Veröffentlicht 20.03.2011 02:00:04
- Zuletzt bearbeitet 16.06.2026 23:29:24
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function.
CVE-2011-1471
- EPSS 13.13%
- Veröffentlicht 20.03.2011 02:00:04
- Zuletzt bearbeitet 16.06.2026 23:29:24
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
CVE-2011-0421
- EPSS 13.51%
- Veröffentlicht 20.03.2011 02:00:03
- Zuletzt bearbeitet 16.06.2026 23:27:19
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer...
CVE-2011-0708
- EPSS 9.86%
- Veröffentlicht 20.03.2011 02:00:03
- Zuletzt bearbeitet 16.06.2026 23:27:55
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buf...
CVE-2011-1148
- EPSS 4.61%
- Veröffentlicht 18.03.2011 15:55:01
- Zuletzt bearbeitet 16.06.2026 23:28:49
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple...
CVE-2011-1153
- EPSS 6.83%
- Veröffentlicht 16.03.2011 22:55:04
- Zuletzt bearbeitet 16.06.2026 23:28:49
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly e...
CVE-2011-1092
- EPSS 17.88%
- Veröffentlicht 15.03.2011 17:55:04
- Zuletzt bearbeitet 16.06.2026 23:28:41
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.
- EPSS 14.41%
- Veröffentlicht 19.02.2011 01:00:02
- Zuletzt bearbeitet 16.06.2026 23:27:19
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.