VYPR

PHP

by PHP

CVEs (730)

  • CVE-2017-9225 | Cri | May 24, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not…

  • CVE-2017-9224 | Cri | May 24, 2017
    risk 0.64 | cvss 9.8 | epss 0.07

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in…

  • CVE-2017-9119 | Cri | May 21, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.

  • CVE-2017-8923 | Cri | May 12, 2017
    risk 0.64 | cvss 9.8 | epss 0.07

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by…

  • CVE-2016-9936 | Cri | Jan 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2016-9935 | Cri | Jan 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.07

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket…

  • CVE-2016-9138 | Cri | Jan 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with…

  • CVE-2016-9137 | Cri | Jan 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during…

  • CVE-2016-8670 | Cri | Jan 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have…

  • CVE-2014-9912 | Cri | Jan 4, 2017
    risk 0.64 | cvss 9.8 | epss 0.05

    The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer…

  • CVE-2016-7568 | Cri | Sep 28, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…

  • CVE-2016-7417 | Cri | Sep 17, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.

  • CVE-2016-7414 | Cri | Sep 17, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other…

  • CVE-2016-7413 | Cri | Sep 17, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a…

  • CVE-2016-7411 | Cri | Sep 17, 2016
    risk 0.64 | cvss 9.8 | epss 0.06

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially…

  • CVE-2016-7134 | Cri | Sep 12, 2016
    risk 0.64 | cvss 9.8 | epss 0.05

    ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is…

  • CVE-2016-7129 | Cri | Sep 12, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a…

  • CVE-2016-7127 | Cri | Sep 12, 2016
    risk 0.64 | cvss 9.8 | epss 0.07

    The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different…

  • CVE-2016-7126 | Cri | Sep 12, 2016
    risk 0.64 | cvss 9.8 | epss 0.09

    The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have…

  • CVE-2016-5773 | Cri | Aug 7, 2016
    risk 0.64 | cvss 9.8 | epss 0.09

    php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free…

Page 3 of 37