Vulnerabilities > PHP > PHP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-29 | CVE-2018-10546 | Infinite Loop vulnerability in PHP An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. | 5.0 |
| 2018-02-19 | CVE-2015-9253 | Resource Exhaustion vulnerability in PHP An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. | 6.8 |
| 2018-01-16 | CVE-2018-5712 | Cross-site Scripting vulnerability in PHP An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. | 4.3 |
| 2018-01-16 | CVE-2018-5711 | Infinite Loop vulnerability in multiple products gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. | 5.5 |
| 2017-11-07 | CVE-2017-16642 | Out-of-bounds Read vulnerability in PHP In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. | 5.0 |
| 2017-08-18 | CVE-2017-12934 | Use After Free vulnerability in PHP ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. | 5.0 |
| 2017-08-02 | CVE-2017-7890 | Information Exposure vulnerability in PHP The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. | 4.3 |
| 2017-05-24 | CVE-2017-9229 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. | 5.0 |
| 2017-05-18 | CVE-2017-9067 | Path Traversal vulnerability in multiple products In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | 4.4 |
| 2017-03-27 | CVE-2017-7272 | Server-Side Request Forgery (SSRF) vulnerability in PHP PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. | 5.8 |