Vulnerabilities > PHP > PHP > 5.6.39
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-27 | CVE-2019-6977 | Out-of-bounds Write vulnerability in multiple products gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. | 8.8 |
| 2018-11-20 | CVE-2018-19396 | Deserialization of Untrusted Data vulnerability in PHP ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. | 5.0 |
| 2018-11-20 | CVE-2018-19395 | NULL Pointer Dereference vulnerability in PHP ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). | 5.0 |
| 2018-02-19 | CVE-2015-9253 | Resource Exhaustion vulnerability in PHP An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. | 6.8 |
| 2017-04-19 | CVE-2017-7963 | Allocation of Resources Without Limits or Throttling vulnerability in PHP The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. | 7.5 |
| 2017-03-27 | CVE-2017-7272 | Server-Side Request Forgery (SSRF) vulnerability in PHP PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. | 5.8 |