Vulnerabilities > PHP > PHP > 5.6.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-10 | CVE-2017-11142 | Resource Exhaustion vulnerability in PHP In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. | 7.8 |
2017-07-10 | CVE-2016-10397 | Improper Input Validation vulnerability in PHP In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c). | 7.5 |
2017-06-08 | CVE-2016-4473 | Use After Free vulnerability in multiple products /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. | 7.5 |
2017-05-24 | CVE-2017-9229 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 5.0 |
2017-05-24 | CVE-2017-9228 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9227 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9226 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9224 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-04-21 | CVE-2016-5399 | Out-of-bounds Write vulnerability in PHP The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. | 7.8 |
2017-04-19 | CVE-2017-7963 | Allocation of Resources Without Limits or Throttling vulnerability in PHP The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. | 7.5 |