Vulnerabilities > PHP > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-10 CVE-2017-11143 Deserialization of Untrusted Data vulnerability in PHP
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c.
network
low complexity
php CWE-502
7.5
7.5
2017-07-10 CVE-2017-11142 Resource Exhaustion vulnerability in PHP
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
network
low complexity
php CWE-400
7.8
7.8
2017-07-10 CVE-2016-10397 Improper Input Validation vulnerability in PHP
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext/standard/url.c).
network
low complexity
php CWE-20
7.5
7.5
2017-06-08 CVE-2016-4473 Use After Free vulnerability in multiple products
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code.
network
low complexity
php suse CWE-416
7.5
7.5
2017-05-24 CVE-2017-9228 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-787
7.5
7.5
2017-05-24 CVE-2017-9227 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-125
7.5
7.5
2017-05-24 CVE-2017-9226 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-787
7.5
7.5
2017-05-24 CVE-2017-9225 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php ruby-lang CWE-787
7.5
7.5
2017-05-24 CVE-2017-9224 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5.
network
low complexity
oniguruma-project php CWE-125
7.5
7.5
2017-05-21 CVE-2017-9119 Resource Exhaustion vulnerability in multiple products
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data structures.
network
low complexity
php netapp CWE-400
7.5
7.5