Vulnerabilities > PHP

DATE CVE VULNERABILITY TITLE RISK
2016-05-22 CVE-2016-4537 Improper Input Validation vulnerability in multiple products
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
network
low complexity
php opensuse fedoraproject CWE-20
critical
9.8
2016-05-22 CVE-2016-4346 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
network
low complexity
php opensuse CWE-190
critical
9.8
2016-05-22 CVE-2016-4345 Integer Overflow or Wraparound vulnerability in PHP
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
network
low complexity
php CWE-190
critical
9.8
2016-05-22 CVE-2016-4344 Integer Overflow or Wraparound vulnerability in PHP
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow.
network
low complexity
php CWE-190
critical
9.8
2016-05-22 CVE-2016-4343 Access of Uninitialized Pointer vulnerability in multiple products
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly have unspecified other impact via a crafted TAR archive.
network
low complexity
php opensuse CWE-824
8.8
2016-05-22 CVE-2016-4342 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
network
low complexity
opensuse php CWE-119
8.8
2016-05-22 CVE-2015-8880 Double Free vulnerability in PHP 7.0.0
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.
network
low complexity
php CWE-415
critical
9.8
2016-05-22 CVE-2015-8879 Improper Input Validation vulnerability in PHP
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.
network
low complexity
php CWE-20
7.5
2016-05-22 CVE-2015-8878 Race Condition vulnerability in PHP
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that performs many temporary-file accesses.
network
high complexity
php CWE-362
5.9
2016-05-22 CVE-2015-8877 Resource Management Errors vulnerability in multiple products
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted call, as demonstrated by a call to the PHP imagescale function.
network
low complexity
libgd php CWE-399
7.5