Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-9709 | 5.0 |
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperl
|
09-11-2022 - 03:04 | 30-03-2015 - 10:59 | |
CVE-2015-1352 | 5.0 |
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and applicat
|
05-11-2022 - 02:10 | 30-03-2015 - 10:59 | |
CVE-2015-2305 | 6.8 |
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary co
|
16-08-2022 - 13:29 | 30-03-2015 - 10:59 | |
CVE-2015-2301 | 7.5 |
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a
|
16-08-2022 - 13:28 | 30-03-2015 - 10:59 | |
CVE-2015-1351 | 7.5 |
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
04-08-2022 - 15:46 | 30-03-2015 - 10:59 | |
CVE-2015-2787 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
30-10-2018 - 16:27 | 30-03-2015 - 10:59 | |
CVE-2015-2348 | 5.0 |
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extens
|
30-10-2018 - 16:27 | 30-03-2015 - 10:59 | |
CVE-2015-4147 | 7.5 |
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serial
|
05-01-2018 - 02:30 | 09-06-2015 - 18:59 | |
CVE-2015-4148 | 5.0 |
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted seria
|
05-01-2018 - 02:30 | 09-06-2015 - 18:59 | |
CVE-2014-9705 | 7.5 |
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of m
|
05-01-2018 - 02:29 | 30-03-2015 - 10:59 | |
CVE-2015-0232 | 6.8 |
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) v
|
05-01-2018 - 02:29 | 27-01-2015 - 20:04 | |
CVE-2015-0273 | 7.5 |
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier
|
05-01-2018 - 02:29 | 30-03-2015 - 10:59 | |
CVE-2014-9652 | 5.0 |
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version
|
01-07-2017 - 01:29 | 30-03-2015 - 10:59 | |
CVE-2014-8142 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
31-12-2016 - 02:59 | 20-12-2014 - 11:59 | |
CVE-2014-9427 | 7.5 |
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins wit
|
31-12-2016 - 02:59 | 03-01-2015 - 02:59 | |
CVE-2015-0231 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
31-12-2016 - 02:59 | 27-01-2015 - 20:03 |