Vulnerabilities > PHP > PHP > 5.4.14

DATE CVE VULNERABILITY TITLE RISK
2014-05-06 CVE-2014-0185 Improper Privilege Management vulnerability in PHP
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
local
low complexity
php CWE-269
7.2
7.2
2014-02-18 CVE-2014-2020 Numeric Errors vulnerability in PHP
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
network
low complexity
php CWE-189
5.0
5.0
2014-02-15 CVE-2012-1171 Information Exposure vulnerability in PHP
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
network
low complexity
php CWE-200
5.0
5.0
2013-06-21 CVE-2013-4636 Improper Input Validation vulnerability in PHP
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object.
network
php CWE-20
4.3
4.3
2013-06-21 CVE-2013-4635 Numeric Errors vulnerability in PHP
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
network
low complexity
php CWE-189
5.0
5.0
2013-06-21 CVE-2013-2110 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
network
low complexity
php CWE-119
5.0
5.0