CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 1CVE-2017-8923 – Ubuntu Security Notice USN-5300-3
https://notcve.org/view.php?id=CVE-2017-8923
12 May 2017 — The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string. La función zend_string_extend en el archivo Zend/zend_string.h en PHP hasta de la versión 7.1.5 no impide cambios en los objetos de cadena que resultan en una longitud negativa, lo que... • http://www.securityfocus.com/bid/98518 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7963
https://notcve.org/view.php?id=CVE-2017-7963
19 Apr 2017 — The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service (memory consumption and application crash) via operations on long strings. NOTE: the vendor disputes this, stating "There is no security issue here, because GMP safely aborts in case of an OOM condition. The only attack vector here is denial of service. However, if you allow attacker-controlled, unbounded allocations you have a DoS vector regardless of GMP's OOM behavior. ** DISP... • https://bugs.php.net/bug.php?id=74308 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6441
https://notcve.org/view.php?id=CVE-2017-6441
03 Apr 2017 — The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only. ** EN DISPUTA ** El _zval_get_long_func_ex en Zend/zend_operators.c en PHP 7.1.2 permite a atacantes provocar una denegación de... • https://bugs.php.net/bug.php?id=74146 • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7272
https://notcve.org/view.php?id=CVE-2017-7272
27 Mar 2017 — PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function. PHP hasta la versión 7.1.11 podría permitir SSRF en aplicaciones que aceptan un argumento de nombre de host fsockopen o pfsockopen con la expectativa de que... • http://www.securityfocus.com/bid/97178 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2015-8994 – Ubuntu Security Notice USN-3382-1
https://notcve.org/view.php?id=CVE-2015-8994
02 Mar 2017 — An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM d... • http://marc.info/?l=php-internals&m=147876797317925&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 8%CPEs: 17EXPL: 0CVE-2016-10158 – php: Wrong calculation in exif_convert_any_to_int function
https://notcve.org/view.php?id=CVE-2016-10158
24 Jan 2017 — The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. La función exif_convert_any_to_int en ext/exif/exif.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15, y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provoca... • http://php.net/ChangeLog-5.php • CWE-189: Numeric Errors CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 20%CPEs: 4EXPL: 0CVE-2016-10159 – php: Integer overflow in phar_parse_pharfile
https://notcve.org/view.php?id=CVE-2016-10159
24 Jan 2017 — Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive. Desbordamiento de entero en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o caída... • http://php.net/ChangeLog-5.php • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 10%CPEs: 5EXPL: 0CVE-2016-10160 – php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive
https://notcve.org/view.php?id=CVE-2016-10160
24 Jan 2017 — Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. Error por un paso en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (corrupción de memor... • http://php.net/ChangeLog-5.php • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 25%CPEs: 17EXPL: 0CVE-2016-10161 – php: Out-of-bounds heap read on unserialize in finish_nested_data()
https://notcve.org/view.php?id=CVE-2016-10161
24 Jan 2017 — The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. La función object_common1 en ext/standard/var_unserializer.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos pro... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 16EXPL: 0CVE-2016-10162 – php: Null pointer dereference when unserializing PHP object
https://notcve.org/view.php?id=CVE-2016-10162
24 Jan 2017 — The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. La función php_wddx_pop_element en ext/wddx/wddx.c en PHP 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de ser... • http://php.net/ChangeLog-7.php • CWE-476: NULL Pointer Dereference •