php
756 tracked vulnerabilities.
CVE-2016-5873
CRITICAL
pecl_http < 3.0.1 - Remote Code Execution via HTTP URL Parsing Buffer Overflow
Jan 23, 2017
CVSS 9.8
EPSS 0.05
CVE-2016-7479
CRITICAL
PHP 7.x - Use-After-Free during Unserialization
Jan 12, 2017
CVSS 9.8
EPSS 0.22
CVE-2016-7480
CRITICAL
PHP < 7.0.12 - Remote Code Execution via SplObjectStorage Unserialize
Jan 11, 2017
CVSS 9.8
EPSS 0.04
CVE-2016-7478
HIGH
PHP - Denial of Service via Crafted Exception Object in Serialized Data
Jan 11, 2017
CVSS 7.5
EPSS 0.19
CVE-2016-9936
CRITICAL
PHP 7.x - Use-After-Free via Crafted Serialized Data
Jan 04, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-9935
CRITICAL
PHP < 5.6.29 and 7.x < 7.0.14 - Out-of-bounds Read in WDDX Boolean Element Parsing
Jan 04, 2017
CVSS 9.8
EPSS 0.05
CVE-2016-9934
HIGH
PHP < 5.6.28 and 7.x < 7.0.13 - Denial of Service via WDDX Packet Deserialization
Jan 04, 2017
CVSS 7.5
EPSS 0.12
CVE-2016-9138
CRITICAL
PHP < 5.6.27 and 7.x < 7.0.12 - Use-After-Free via Serialized Data
Jan 04, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-9137
CRITICAL
PHP <5.6.27, <7.0.12 - Use After Free
Jan 04, 2017
CVSS 9.8
EPSS 0.01
CVE-2016-7568
CRITICAL
libgd < 2.2.3 - Integer Overflow in gdImageWebpCtx
Sep 28, 2016
CVSS 9.8
EPSS 0.03
CVE-2016-7418
HIGH
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via WDDX Deserialization
Sep 17, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-7417
CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via SplArray Unserialization
Sep 17, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-7416
HIGH
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via Long Locale in MessageFormatter::formatMessage
Sep 17, 2016
CVSS 7.5
EPSS 0.03
CVE-2016-7414
CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via Crafted PHAR Archive
Sep 17, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-7413
CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Use-After-Free in WDDX Deserialization
Sep 17, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-7412
HIGH
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via MySQL BIT Field Metadata
Sep 17, 2016
CVSS 8.1
EPSS 0.02
CVE-2016-7411
CRITICAL
PHP < 5.6.26 - Memory Corruption via Unserialize Call
Sep 17, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-7134
CRITICAL
PHP 7.x - Denial of Service via Long String in curl_escape
Sep 12, 2016
CVSS 9.8
EPSS 0.01
CVE-2016-7133
HIGH
PHP 7.x < 7.0.10 - Denial of Service via Integer Overflow in zend_alloc.c
Sep 12, 2016
CVSS 8.1
EPSS 0.01
CVE-2016-7132
HIGH
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via WDDX Deserialization NULL Pointer Dereference
Sep 12, 2016
CVSS 7.5
EPSS 0.15
CVE-2016-7131
HIGH
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Malformed wddxPacket XML Document
Sep 12, 2016
CVSS 7.5
EPSS 0.06
CVE-2016-7130
HIGH
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Invalid Base64 Binary Value in WDDX Deserialization
Sep 12, 2016
CVSS 7.5
EPSS 0.02
CVE-2016-7129
CRITICAL
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Invalid ISO 8601 Time in WDDX Deserialization
Sep 12, 2016
CVSS 9.8
EPSS 0.02
CVE-2016-7128
MEDIUM
PHP < 5.6.25 and 7.x < 7.0.10 - Information Disclosure via TIFF Thumbnail Offset Handling
Sep 12, 2016
CVSS 5.3
EPSS 0.02
CVE-2016-7127
CRITICAL
PHP < 5.6.25 and 7.x < 7.0.10 - Out-of-bounds Write via imagegammacorrect Gamma Value Mismatch
Sep 12, 2016
CVSS 9.8
EPSS 0.03
Products
php 723
pear 5
archive_tar 4
frankenphp 2
pearweb 2
php_script_index 2
animated_smiley_generator 1
ar_memberscript 1
blog_cms 1
bloq 1
com_extensions 1
directory_listing_script 1
errordocs 1
ext-http 1
f1_maxs_file_uploader 1
imagick 1
memcached 1
mysql_banner_exchange 1
mysql_extension 1
pear_archive_tar 1
pecl_http 1
php_fi 1
phpsquidpass 1
xhprof 1
xml_rpc 1