php
756 tracked vulnerabilities.
CVE-2016-6288
CRITICAL
PHP < 5.5.37 - Buffer Over-read via php_url_parse_ex Function
Jul 25, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-5385
HIGH
Oracle Communications User Data Repository < 5.09 - Open Redirect
Jul 19, 2016
CVSS 8.1
EPSS 0.84
CVE-2016-6174
HIGH
Invision Power Board < 4.1.13 - Remote Code Execution via content_class Parameter
Jul 12, 2016
CVSS 8.1
EPSS 0.20
CVE-2016-4544
CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via TIFF Header Processing
May 22, 2016
CVSS 9.8
EPSS 0.04
CVE-2016-4543
CRITICAL
HP System Management Homepage < 7.5.5.6 - Memory Corruption
May 22, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-4542
CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via EXIF Header Processing
May 22, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-4541
CRITICAL
Fedora < 5.5.34 - Denial of Service
May 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-4540
CRITICAL
Fedora < 5.5.34 - Denial of Service
May 22, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-4539
CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via xml_parse_into_struct
May 22, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-4538
CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via bcpowmod Function
May 22, 2016
CVSS 9.8
EPSS 0.06
CVE-2016-4537
CRITICAL
PHP < 5.5.35, 5.6.x < 5.6.21, 7.x < 7.0.6 - Denial of Service via bcpowmod Negative Scale Argument
May 22, 2016
CVSS 9.8
EPSS 0.06
CVE-2016-4346
CRITICAL
PHP < 7.0.4 - Integer Overflow in str_pad Function
May 22, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-4345
CRITICAL
PHP < 7.0.4 - Denial of Service via Integer Overflow in php_filter_encode_url
May 22, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-4344
CRITICAL
PHP 7.0.0-7.0.3 - Integer Overflow in utf8_encode via Long Argument
May 22, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-4343
HIGH
PHP < 5.5.36 - Use-After-Free in phar_make_dirstream
May 22, 2016
CVSS 8.8
EPSS 0.08
CVE-2016-4342
HIGH
PHP < 5.5.32, 5.6.x < 5.6.18, 7.x < 7.0.3 - DoS
May 22, 2016
CVSS 8.8
EPSS 0.06
CVE-2016-4073
CRITICAL
PHP < 5.5.34, < 5.6.20, < 7.0.5 - Buffer Overflow
May 20, 2016
CVSS 9.8
EPSS 0.11
CVE-2016-4072
CRITICAL
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Remote Code Execution via Phar Filename Handling
May 20, 2016
CVSS 9.8
EPSS 0.11
CVE-2016-4071
CRITICAL
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Remote Code Execution via SNMP::get Format String Specifiers
May 20, 2016
CVSS 9.8
EPSS 0.33
CVE-2016-4070
HIGH
PHP < 5.5.34, 5.6.x < 5.6.20, 7.x < 7.0.5 - Denial of Service via Integer Overflow in php_raw_url_encode
May 20, 2016
CVSS 7.5
EPSS 0.06
CVE-2016-3185
HIGH
PHP < 5.4.44, 5.5.x < 5.5.28, 5.6.x < 5.6.12, 7.x < 7.0.4 - Denial of Service via Crafted Serialized _cookies Data
May 16, 2016
CVSS 7.1
EPSS 0.02
CVE-2016-2554
CRITICAL
PHP < 5.5.32, 5.6.x < 5.6.18, 7.x < 7.0.3 - Stack-Based Buffer Overflow in TAR Archive Handling
May 16, 2016
CVSS 9.8
EPSS 0.10
CVE-2016-3074
CRITICAL
libgd 2.1.1 - Denial of Service and Potential Remote Code Execution via Crafted Compressed GD2 Data
Apr 26, 2016
CVSS 9.8
EPSS 0.60
CVE-2016-3142
HIGH
PHP < 5.5.33 and 5.6.x < 5.6.19 - Out-of-Bounds Read via PHAR Zip File Parsing
Mar 31, 2016
CVSS 8.2
EPSS 0.04
CVE-2016-3141
CRITICAL
Apple Mac OS X < 10.11.4 - Memory Corruption
Mar 31, 2016
CVSS 9.8
EPSS 0.72
Products
php 723
pear 5
archive_tar 4
frankenphp 2
pearweb 2
php_script_index 2
animated_smiley_generator 1
ar_memberscript 1
blog_cms 1
bloq 1
com_extensions 1
directory_listing_script 1
errordocs 1
ext-http 1
f1_maxs_file_uploader 1
imagick 1
memcached 1
mysql_banner_exchange 1
mysql_extension 1
pear_archive_tar 1
pecl_http 1
php_fi 1
phpsquidpass 1
xhprof 1
xml_rpc 1