Vulnerabilities (CVE)

Filtered by vendor Php Subscribe
Total 737 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12868 2 Php, Simplesamlphp 2 Php, Simplesamlphp 2024-02-28 7.5 HIGH 9.8 CRITICAL
The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR operation.
CVE-2016-10397 1 Php 1 Php 2024-02-28 5.0 MEDIUM 7.5 HIGH
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
CVE-2017-11144 1 Php 1 Php 2024-02-28 5.0 MEDIUM 7.5 HIGH
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-9225 3 Oniguruma Project, Php, Ruby-lang 3 Oniguruma, Php, Ruby 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
CVE-2017-11145 1 Php 1 Php 2024-02-28 5.0 MEDIUM 7.5 HIGH
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: the correct fix is in the e8b7698f5ee757ce2c8bd10a192a491a498f891c commit, not the bd77ac90d3bdf31ce2a5251ad92e9e75 gist.
CVE-2017-11147 2 Netapp, Php 2 Clustered Data Ontap, Php 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
CVE-2017-9229 3 Oniguruma Project, Php, Ruby-lang 3 Oniguruma, Php, Ruby 2024-02-28 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.
CVE-2016-4473 2 Php, Suse 3 Php, Linux Enterprise Module For Web Scripting, Linux Enterprise Software Development Kit 2024-02-28 7.5 HIGH 9.8 CRITICAL
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
CVE-2017-5630 1 Php 1 Pear 2024-02-28 5.0 MEDIUM 7.5 HIGH
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
CVE-2016-5399 1 Php 1 Php 2024-02-28 6.8 MEDIUM 7.8 HIGH
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVE-2017-9119 2 Netapp, Php 3 Clustered Data Ontap, Storage Automation Store, Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
CVE-2016-9138 1 Php 1 Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
CVE-2016-5873 1 Php 1 Pecl Http 2024-02-28 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.
CVE-2016-10161 1 Php 1 Php 2024-02-28 5.0 MEDIUM 7.5 HIGH
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
CVE-2016-9935 1 Php 1 Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
CVE-2016-7480 2 Netapp, Php 2 Clustered Data Ontap, Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access) via crafted serialized data.
CVE-2017-5340 2 Netapp, Php 2 Clustered Data Ontap, Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data.
CVE-2017-7272 1 Php 1 Php 2024-02-28 5.8 MEDIUM 7.4 HIGH
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
CVE-2017-8923 1 Php 1 Php 2024-02-28 7.5 HIGH 9.8 CRITICAL
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-9067 2 Modx, Php 2 Modx Revolution, Php 2024-02-28 4.4 MEDIUM 7.0 HIGH
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.