php

756 tracked vulnerabilities.

CVE-2015-4644 HIGH
Redhat Enterprise Linux < 5.4.41 - Denial of Service
May 16, 2016
CVSS 7.5
EPSS 0.10
CVE-2015-4643 CRITICAL
PHP < 5.4.42 - Remote Code Execution via FTP LIST Command Reply Overflow
May 16, 2016
CVSS 9.8
EPSS 0.09
CVE-2015-4642 CRITICAL
PHP < 5.4.42 - OS Command Injection via escapeshellarg Function
May 16, 2016
CVSS 9.8
EPSS 0.06
CVE-2015-4605 HIGH
PHP < 5.4.40 - Denial of Service via Fileinfo mcopy Offset Mishandling
May 16, 2016
CVSS 7.5
EPSS 0.09
CVE-2015-4604 HIGH
PHP < 5.4.40 - Denial of Service via Fileinfo Component
May 16, 2016
CVSS 7.5
EPSS 0.09
CVE-2015-4603 CRITICAL
PHP < 5.4.40 - Remote Code Execution via Exception::getTraceAsString Type Confusion
May 16, 2016
CVSS 9.8
EPSS 0.08
CVE-2015-4602 CRITICAL
Redhat Enterprise Linux < 5.4.39 - Denial of Service
May 16, 2016
CVSS 9.8
EPSS 0.11
CVE-2015-4601 CRITICAL
Redhat Enterprise Linux Desktop < 5.6.6 - Denial of Service
May 16, 2016
CVSS 9.8
EPSS 0.21
CVE-2015-4600 CRITICAL
Redhat Enterprise Linux Desktop < 5.4.39 - Denial of Service
May 16, 2016
CVSS 9.8
EPSS 0.11
CVE-2015-4599 CRITICAL
PHP < 5.4.40, 5.5.x < 5.5.24, 5.6.x < 5.6.8 - Type Confusion in SoapFault::__toString
May 16, 2016
CVSS 9.8
EPSS 0.07
CVE-2015-4598 MEDIUM
Redhat Enterprise Linux Desktop < 5.4.41 - Improper Input Validation
May 16, 2016
CVSS 6.5
EPSS 0.01
CVE-2015-4116 CRITICAL
Opensuse Leap < 5.5.26 - Use After Free
May 16, 2016
CVSS 9.8
EPSS 0.03
CVE-2015-3412 MEDIUM
PHP <5.4.40, 5.5.x <5.5.24, 5.6.x <5.6.8 - Info Disclosure
May 16, 2016
CVSS 5.3
EPSS 0.01
CVE-2015-3411 MEDIUM
PHP <5.4.40, 5.5.x <5.5.24, 5.6.x <5.6.8 - Info Disclosure
May 16, 2016
CVSS 6.5
EPSS 0.00
CVE-2015-3152 MEDIUM
Oracle MySQL <5.7.3 & MariaDB <5.5.44 - Info Disclosure
May 16, 2016
CVSS 5.9
EPSS 0.40
CVE-2015-8617 CRITICAL
PHP 7.x < 7.0.1 - Remote Code Execution via Format String Specifiers in Class Name
Jan 19, 2016
CVSS 9.8
EPSS 0.22
CVE-2015-8616 HIGH
PHP 7.x - Use-After-Free in Collator::sortWithSortKeys
Jan 19, 2016
CVSS 8.6
EPSS 0.01
CVE-2015-6836 HIGH
PHP < 5.4.45 - Remote Code Execution via SoapClient __call Type Confusion
Jan 19, 2016
CVSS 7.3
EPSS 0.03
CVE-2015-6833 HIGH
PHP < 5.4.44, 5.5.x < 5.5.28, 5.6.x < 5.6.12 - Path Traversal and Arbitrary File Write via PharData extractTo
Jan 19, 2016
CVSS 7.5
EPSS 0.00
CVE-2015-6832 HIGH
PHP < 5.4.44 - Use-After-Free in SPL Unserialize
Jan 19, 2016
CVSS 7.3
EPSS 0.02
CVE-2015-6831 HIGH
PHP < 5.4.44 - Use-After-Free in SPL Unserialization
Jan 19, 2016
CVSS 7.3
EPSS 0.01
CVE-2015-6527 HIGH
PHP 7.x - Remote Code Execution via str_ireplace Third Argument
Jan 19, 2016
CVSS 7.3
EPSS 0.02
CVE-2015-5590 HIGH
PHP <5.4.43, <5.5.27, <5.6.11 - Buffer Overflow
Jan 19, 2016
CVSS 7.3
EPSS 0.06
CVE-2015-7804
PHP <5.5.30, <5.6.14 - DoS
Dec 11, 2015
EPSS 0.18
CVE-2015-7803
PHP < 5.5.29 - Denial of Service via Crafted TAR Archive Entry in PHAR File
Dec 11, 2015
EPSS 0.26
Products
php 723 pear 5 archive_tar 4 frankenphp 2 pearweb 2 php_script_index 2 animated_smiley_generator 1 ar_memberscript 1 blog_cms 1 bloq 1 com_extensions 1 directory_listing_script 1 errordocs 1 ext-http 1 f1_maxs_file_uploader 1 imagick 1 memcached 1 mysql_banner_exchange 1 mysql_extension 1 pear_archive_tar 1 pecl_http 1 php_fi 1 phpsquidpass 1 xhprof 1 xml_rpc 1
Quick Filters
Critical CVEs With Exploits In CISA KEV