Vulnerabilities > PHP > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-03 CVE-2018-14884 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1.
network
low complexity
php netapp CWE-476
7.5
7.5
2018-08-03 CVE-2018-14883 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php canonical debian netapp CWE-190
7.5
7.5
2018-08-02 CVE-2017-9118 Out-of-bounds Read vulnerability in multiple products
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
network
low complexity
php netapp CWE-125
7.5
7.5
2018-04-29 CVE-2018-10549 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-125
8.8
8.8
2018-04-29 CVE-2018-10548 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-476
7.5
7.5
2018-04-29 CVE-2018-10546 Infinite Loop vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-835
7.5
7.5
2018-02-09 CVE-2016-10712 Improper Input Validation vulnerability in multiple products
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads).
network
low complexity
php canonical CWE-20
7.5
7.5
2017-11-07 CVE-2017-16642 Out-of-bounds Read vulnerability in multiple products
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function.
network
low complexity
php debian canonical netapp CWE-125
7.5
7.5
2017-08-18 CVE-2017-12934 Use After Free vulnerability in PHP
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h.
network
low complexity
php CWE-416
7.5
7.5
2017-07-25 CVE-2017-11628 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code.
local
low complexity
php CWE-119
7.8
7.8