php
756 tracked vulnerabilities.
CVE-2016-7126
CRITICAL
PHP < 5.6.25 and 7.x < 7.0.10 - Out-of-bounds Write via imagetruecolortopalette
Sep 12, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-7125
HIGH
PHP < 5.6.25 and 7.x < 7.0.10 - Remote Arbitrary Session Data Injection via Session Name Parsing
Sep 12, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-7124
CRITICAL
PHP < 5.6.25 and 7.x < 7.0.10 - Denial of Service via Crafted Serialized Data
Sep 12, 2016
CVSS 9.8
EPSS 0.75
CVE-2016-6207
MEDIUM
libgd < 2.2.3 - Denial of Service via Integer Overflow in _gdContributionsAlloc
Aug 12, 2016
CVSS 6.5
EPSS 0.09
CVE-2016-5773
CRITICAL
PHP < 5.5.37, 5.6.x < 5.6.23, 7.x < 7.0.8 - Remote Code Execution via ZipArchive Unserialize Use-After-Free
Aug 07, 2016
CVSS 9.8
EPSS 0.16
CVE-2016-5772
CRITICAL
PHP <5.5.37, <5.6.23, <7.0.8 - Use After Free
Aug 07, 2016
CVSS 9.8
EPSS 0.16
CVE-2016-5771
CRITICAL
PHP < 5.5.37 - Use-After-Free in SPL Array Unserialize Interaction
Aug 07, 2016
CVSS 9.8
EPSS 0.10
CVE-2016-5770
CRITICAL
PHP < 5.5.37 - Integer Overflow in SplFileObject::fread
Aug 07, 2016
CVSS 9.8
EPSS 0.10
CVE-2016-5769
CRITICAL
PHP <5.5.37, 5.6.x <5.6.23, 7.x <7.0.8 - DoS
Aug 07, 2016
CVSS 9.8
EPSS 0.06
CVE-2016-5768
CRITICAL
PHP < 5.5.36 - Double Free in mbstring Extension
Aug 07, 2016
CVSS 9.8
EPSS 0.21
CVE-2016-5114
CRITICAL
PHP < 5.5.31, 5.6.x < 5.6.17, 7.x < 7.0.2 - Denial of Service via Long String in fpm_log.c
Aug 07, 2016
CVSS 9.1
EPSS 0.01
CVE-2016-5096
HIGH
PHP < 5.5.36 and 5.6.x < 5.6.22 - Integer Overflow in fread Function
Aug 07, 2016
CVSS 8.6
EPSS 0.02
CVE-2016-5095
HIGH
PHP < 5.5.36 and 5.6.x < 5.6.22 - Integer Overflow in php_escape_html_entities_ex
Aug 07, 2016
CVSS 8.6
EPSS 0.01
CVE-2016-5094
HIGH
PHP < 5.5.36 and 5.6.x < 5.6.22 - Integer Overflow in php_html_entities
Aug 07, 2016
CVSS 8.6
EPSS 0.02
CVE-2016-5093
HIGH
PHP < 5.5.36, 5.6.x < 5.6.22, 7.x < 7.0.7 - Out-of-bounds Read via locale_get_primary_language
Aug 07, 2016
CVSS 8.6
EPSS 0.02
CVE-2016-3132
CRITICAL
PHP 7.x - Double Free in SplDoublyLinkedList::offsetSet
Aug 07, 2016
CVSS 9.8
EPSS 0.11
CVE-2016-3078
CRITICAL
PHP < 7.0.6 - Integer Overflow in ZipArchive getFromIndex and getFromName
Aug 07, 2016
CVSS 9.8
EPSS 0.48
CVE-2016-6297
HIGH
PHP < 5.5.37 - Denial of Service via Integer Overflow in php_stream_zip_opener
Jul 25, 2016
CVSS 8.8
EPSS 0.06
CVE-2016-6296
CRITICAL
PHP < 5.5.37 - Heap-Based Buffer Overflow via xmlrpc_encode_request
Jul 25, 2016
CVSS 9.8
EPSS 0.13
CVE-2016-6295
CRITICAL
PHP <5.5.38, 5.6.x <5.6.24, 7.x <7.0.9 - Use After Free
Jul 25, 2016
CVSS 9.8
EPSS 0.05
CVE-2016-6294
CRITICAL
PHP <5.5.38, 5.6.x <5.6.24, 7.x <7.0.9 - DoS
Jul 25, 2016
CVSS 9.8
EPSS 0.06
CVE-2016-6292
MEDIUM
PHP < 5.5.38, 5.6.x < 5.6.24, 7.x < 7.0.9 - Denial of Service via EXIF User Comment Processing
Jul 25, 2016
CVSS 6.5
EPSS 0.06
CVE-2016-6291
CRITICAL
PHP <5.5.38, <5.6.24, <7.0.9 - DoS/Info Disclosure
Jul 25, 2016
CVSS 9.8
EPSS 0.07
CVE-2016-6290
CRITICAL
PHP <5.5.38, <5.6.24, <7.0.9 - Use After Free
Jul 25, 2016
CVSS 9.8
EPSS 0.08
CVE-2016-6289
HIGH
PHP < 5.5.37 - Denial of Service via Integer Overflow in ZIP Archive Extraction
Jul 25, 2016
CVSS 7.8
EPSS 0.02
Products
php 723
pear 5
archive_tar 4
frankenphp 2
pearweb 2
php_script_index 2
animated_smiley_generator 1
ar_memberscript 1
blog_cms 1
bloq 1
com_extensions 1
directory_listing_script 1
errordocs 1
ext-http 1
f1_maxs_file_uploader 1
imagick 1
memcached 1
mysql_banner_exchange 1
mysql_extension 1
pear_archive_tar 1
pecl_http 1
php_fi 1
phpsquidpass 1
xhprof 1
xml_rpc 1