Vulnerabilities > PHP > PHP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-02 | CVE-2015-8994 | Permissions, Privileges, and Access Controls vulnerability in PHP An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. | 6.8 |
2017-01-24 | CVE-2016-10162 | NULL Pointer Dereference vulnerability in PHP The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | 5.0 |
2017-01-24 | CVE-2016-10161 | Out-of-bounds Read vulnerability in PHP The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. | 5.0 |
2017-01-24 | CVE-2016-10159 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. | 5.0 |
2017-01-24 | CVE-2016-10158 | Numeric Errors vulnerability in PHP The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | 5.0 |
2017-01-11 | CVE-2016-7478 | Remote Denial Of Service vulnerability in PHP Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | 5.0 |
2017-01-04 | CVE-2016-9934 | NULL Pointer Dereference vulnerability in PHP ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. | 5.0 |
2017-01-04 | CVE-2016-9933 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libgd 2.2.1 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. | 5.0 |
2016-09-17 | CVE-2016-7418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | 5.0 |
2016-09-17 | CVE-2016-7416 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. | 5.0 |