Vulnerabilities > PHP > PHP > 5.6.40

DATE CVE VULNERABILITY TITLE RISK
2022-09-28 CVE-2022-31628 Infinite Loop vulnerability in multiple products
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
local
low complexity
php fedoraproject debian CWE-835
5.5
5.5
2022-09-28 CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
network
low complexity
php fedoraproject debian
6.5
6.5
2019-03-09 CVE-2019-9641 Use of Uninitialized Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-908
7.5
7.5
2019-03-09 CVE-2019-9639 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-909
5.0
5.0
2019-03-09 CVE-2019-9638 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp redhat CWE-125
5.0
5.0
2019-03-09 CVE-2019-9637 Permissions, Privileges, and Access Controls vulnerability in PHP
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3.
network
low complexity
php debian canonical opensuse netapp CWE-264
5.0
5.0
2018-11-20 CVE-2018-19396 Deserialization of Untrusted Data vulnerability in PHP
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
network
low complexity
php CWE-502
5.0
5.0
2018-11-20 CVE-2018-19395 NULL Pointer Dereference vulnerability in PHP
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell").
network
low complexity
php CWE-476
5.0
5.0
2018-02-19 CVE-2015-9253 Resource Exhaustion vulnerability in PHP
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20.
network
low complexity
php CWE-400
6.8
6.8
2017-04-19 CVE-2017-7963 Allocation of Resources Without Limits or Throttling vulnerability in PHP
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings.
network
low complexity
php CWE-770
7.5
7.5