Vulnerabilities > PHP > PHP > 7.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-10 | CVE-2017-11145 | Information Exposure vulnerability in PHP In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. | 7.5 |
2017-07-10 | CVE-2017-11144 | Improper Check for Unusual or Exceptional Conditions vulnerability in PHP In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. | 7.5 |
2017-07-10 | CVE-2017-11142 | Resource Exhaustion vulnerability in PHP In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. | 7.8 |
2017-05-24 | CVE-2017-9229 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 5.0 |
2017-05-24 | CVE-2017-9228 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9227 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9226 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-05-24 | CVE-2017-9224 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 7.5 |
2017-04-19 | CVE-2017-7963 | Allocation of Resources Without Limits or Throttling vulnerability in PHP The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. | 7.5 |
2017-03-27 | CVE-2017-7272 | Server-Side Request Forgery (SSRF) vulnerability in PHP PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. | 5.8 |