CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8923 – Ubuntu Security Notice USN-5300-3
https://notcve.org/view.php?id=CVE-2017-8923
12 May 2017 — The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. La función zend_string_extend en el archivo Zend/zend_string.h en PHP hasta de la versión 7.1.5 no impide cambios en los objetos de cadena que resultan en una longitud negativa, lo que... • http://www.securityfocus.com/bid/98518 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7963
https://notcve.org/view.php?id=CVE-2017-7963
19 Apr 2017 — The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior. ** DISP... • https://bugs.php.net/bug.php?id=74308 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7272
https://notcve.org/view.php?id=CVE-2017-7272
27 Mar 2017 — PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. PHP hasta la versión 7.1.11 podría permitir SSRF en aplicaciones que aceptan un argumento de nombre de host fsockopen o pfsockopen con la expectativa de que... • http://www.securityfocus.com/bid/97178 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2CVE-2015-8994 – Ubuntu Security Notice USN-3382-1
https://notcve.org/view.php?id=CVE-2015-8994
02 Mar 2017 — An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM d... • http://marc.info/?l=php-internals&m=147876797317925&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 8%CPEs: 4EXPL: 0CVE-2016-10159 – php: Integer overflow in phar_parse_pharfile
https://notcve.org/view.php?id=CVE-2016-10159
24 Jan 2017 — Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. Desbordamiento de entero en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o caída... • http://php.net/ChangeLog-5.php • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 4%CPEs: 17EXPL: 0CVE-2016-10161 – php: Out-of-bounds heap read on unserialize in finish_nested_data()
https://notcve.org/view.php?id=CVE-2016-10161
24 Jan 2017 — The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. La función object_common1 en ext/standard/var_unserializer.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos pro... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 5%CPEs: 17EXPL: 0CVE-2016-10158 – php: Wrong calculation in exif_convert_any_to_int function
https://notcve.org/view.php?id=CVE-2016-10158
24 Jan 2017 — The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. La función exif_convert_any_to_int en ext/exif/exif.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15, y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provoca... • http://php.net/ChangeLog-5.php • CWE-189: Numeric Errors CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 9%CPEs: 202EXPL: 1CVE-2016-7478 – Ubuntu Security Notice USN-3196-1
https://notcve.org/view.php?id=CVE-2016-7478
11 Jan 2017 — Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. cccZend/zend_exceptions.c en PHP, posiblemente en 5.x en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13, permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un objeto Exception manipulado en datos serializados, un ... • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 •
CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 0CVE-2014-9912 – Ubuntu Security Notice USN-3196-1
https://notcve.org/view.php?id=CVE-2014-9912
04 Jan 2017 — The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a locale_get_display_name call with a long first argument. La función get_icu_disp_value_src_php en ext/intl/locale/locale_methods.c en PHP en versiones anteriores a 5.3.29, 5.4.... • http://www.openwall.com/lists/oss-security/2016/11/25/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2016-9138
https://notcve.org/view.php?id=CVE-2016-9138
04 Jan 2017 — PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. PHP hasta la versión 5.6.27 y 7.x hasta la versión 7.0.12 no maneja adecuadamente la modificación de propiedades durante el procesamiento de __wakeup, lo que permite a atacantes remotos provocar una denegación... • http://www.openwall.com/lists/oss-security/2016/11/01/2 • CWE-416: Use After Free •