Vulnerabilities > PHP > PHP > 7.0.12

DATE CVE VULNERABILITY TITLE RISK
2017-05-24 CVE-2017-9224 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-125
7.5
2017-04-19 CVE-2017-7963 Allocation of Resources Without Limits or Throttling vulnerability in PHP
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings.
network
low complexity
php CWE-770
7.5
2017-03-27 CVE-2017-7272 Server-Side Request Forgery (SSRF) vulnerability in PHP
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained.
network
php CWE-918
5.8
2017-03-02 CVE-2015-8994 Permissions, Privileges, and Access Controls vulnerability in PHP
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled.
network
php CWE-264
6.8
2017-01-24 CVE-2016-10162 NULL Pointer Dereference vulnerability in PHP
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
network
low complexity
php CWE-476
5.0
2017-01-24 CVE-2016-10161 Out-of-bounds Read vulnerability in PHP
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.
network
low complexity
php CWE-125
5.0
2017-01-24 CVE-2016-10160 Off-by-one Error vulnerability in multiple products
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.
network
low complexity
php netapp debian CWE-193
7.5
2017-01-24 CVE-2016-10159 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.
network
low complexity
php debian CWE-190
5.0
2017-01-24 CVE-2016-10158 Numeric Errors vulnerability in PHP
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
network
low complexity
php CWE-189
5.0
2017-01-12 CVE-2016-7479 Use After Free vulnerability in PHP
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free.
network
low complexity
php CWE-416
7.5