Vulnerabilities > PHP > PHP > 7.2.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-29 | CVE-2018-10547 | Cross-site Scripting vulnerability in PHP An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. | 4.3 |
2018-04-29 | CVE-2018-10546 | Infinite Loop vulnerability in PHP An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. | 5.0 |
2018-04-29 | CVE-2018-10545 | Information Exposure vulnerability in PHP An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. | 1.9 |
2018-03-01 | CVE-2018-7584 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. | 7.5 |
2018-02-19 | CVE-2015-9253 | Resource Exhaustion vulnerability in PHP An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. | 6.8 |
2018-01-16 | CVE-2018-5712 | Cross-site Scripting vulnerability in PHP An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. | 4.3 |
2018-01-16 | CVE-2018-5711 | Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. | 5.5 |
2016-05-22 | CVE-2015-8866 | XXE vulnerability in multiple products ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. | 9.6 |