Max CVSS 7.8 Min CVSS 5.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-11147 6.4
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile fu
03-10-2019 - 00:03 10-07-2017 - 14:29
CVE-2017-11143 5.0
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wdd
04-05-2018 - 01:29 10-07-2017 - 14:29
CVE-2017-11145 5.0
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/p
04-05-2018 - 01:29 10-07-2017 - 14:29
CVE-2017-11144 5.0
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation c
04-05-2018 - 01:29 10-07-2017 - 14:29
CVE-2017-11142 7.8
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c.
14-01-2018 - 02:29 10-07-2017 - 14:29
CVE-2016-10397 5.0
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.c
14-01-2018 - 02:29 10-07-2017 - 14:29
Back to Top Mark selected
Back to Top