Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Php
(Php)Repositories |
• https://github.com/php/php-src
• https://github.com/file/file • https://github.com/kkos/oniguruma • https://github.com/libgd/libgd • https://github.com/mysql/mysql-server |
#Vulnerabilities | 683 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2015-12-02 | CVE-2015-8383 | PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Perl_compatible_regular_expression_library, Php | 9.8 | ||
2015-12-02 | CVE-2015-8386 | PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Linux, Perl_compatible_regular_expression_library, Php | 9.8 | ||
2015-12-02 | CVE-2015-8387 | PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Perl_compatible_regular_expression_library, Php | 7.3 | ||
2015-12-02 | CVE-2015-8389 | PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Perl_compatible_regular_expression_library, Php | 9.8 | ||
2015-12-02 | CVE-2015-8390 | PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Perl_compatible_regular_expression_library, Php | 9.8 | ||
2015-12-02 | CVE-2015-8391 | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | Fedora, Linux, Pcre, Php, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | ||
2015-12-02 | CVE-2015-8393 | pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. | Fedora, Perl_compatible_regular_expression_library, Php | 7.5 | ||
2021-11-29 | CVE-2021-21707 | In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. | Debian_linux, Clustered_data_ontap, Php, Tenable\.sc | 5.3 | ||
2007-06-04 | CVE-2007-2872 | Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. | Php | N/A | ||
2008-05-05 | CVE-2008-2050 | Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors. | Php | N/A |