Vulnerabilities > PHP > PHP > 5.6.8

DATE CVE VULNERABILITY TITLE RISK
2017-07-10 CVE-2017-11142 Resource Exhaustion vulnerability in PHP
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
network
low complexity
php CWE-400
7.8
7.8
2017-07-10 CVE-2016-10397 Improper Input Validation vulnerability in PHP
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
network
low complexity
php CWE-20
7.5
7.5
2017-06-08 CVE-2016-4473 Use After Free vulnerability in multiple products
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code.
network
low complexity
php suse CWE-416
7.5
7.5
2017-05-24 CVE-2017-9229 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project ruby-lang php CWE-476
5.0
5.0
2017-05-24 CVE-2017-9228 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-787
7.5
7.5
2017-05-24 CVE-2017-9227 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-125
7.5
7.5
2017-05-24 CVE-2017-9226 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-787
7.5
7.5
2017-05-24 CVE-2017-9224 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-125
7.5
7.5
2017-04-21 CVE-2016-5399 Out-of-bounds Write vulnerability in PHP
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
local
low complexity
php CWE-787
7.8
7.8
2017-04-19 CVE-2017-7963 Allocation of Resources Without Limits or Throttling vulnerability in PHP
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings.
network
low complexity
php CWE-770
7.5
7.5