| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2014-9426 | 17 | | DoS Mem. Corr. | 2014-12-31 | 2015-03-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable. |
| 2 | CVE-2014-9425 | | | DoS | 2014-12-31 | 2022-08-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| 3 | CVE-2014-8626 | 119 | | DoS Exec Code Overflow | 2014-11-23 | 2015-04-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. |
| 4 | CVE-2014-8142 | | | Exec Code | 2014-12-20 | 2016-12-31 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. |
| 5 | CVE-2014-5459 | 59 | | | 2014-09-27 | 2021-03-29 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. |
| 6 | CVE-2014-5120 | 20 | | | 2014-08-23 | 2016-10-26 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function. |
| 7 | CVE-2014-4721 | 200 | | +Info | 2014-07-06 | 2023-01-19 | 2.6 | None | Remote | High | Not required | Partial | None | None |
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php. |
| 8 | CVE-2014-4698 | | | DoS | 2014-07-10 | 2023-01-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. |
| 9 | CVE-2014-4670 | | | DoS | 2014-07-10 | 2017-01-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. |
| 10 | CVE-2014-4049 | 119 | | DoS Exec Code Overflow | 2014-06-18 | 2022-08-29 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial |
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. |
| 11 | CVE-2014-3981 | 59 | | | 2014-06-08 | 2023-01-19 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. |
| 12 | CVE-2014-3710 | 20 | | DoS | 2014-11-05 | 2022-11-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
| 13 | CVE-2014-3670 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2014-10-29 | 2016-10-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function. |
| 14 | CVE-2014-3669 | 189 | | DoS Exec Code Overflow | 2014-10-29 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. |
| 15 | CVE-2014-3668 | 119 | | DoS Overflow | 2014-10-29 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. |
| 16 | CVE-2014-3597 | 119 | | DoS Exec Code Overflow | 2014-08-23 | 2017-01-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049. |
| 17 | CVE-2014-3587 | 189 | | DoS Overflow | 2014-08-23 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. |
| 18 | CVE-2014-3538 | 399 | | DoS | 2014-07-03 | 2023-01-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. |
| 19 | CVE-2014-3515 | | | Exec Code | 2014-07-09 | 2022-11-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. |
| 20 | CVE-2014-3487 | 20 | | DoS | 2014-07-09 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
| 21 | CVE-2014-3480 | | | DoS | 2014-07-09 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
| 22 | CVE-2014-3479 | | | DoS | 2014-07-09 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. |
| 23 | CVE-2014-3478 | 119 | | DoS Overflow | 2014-07-09 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion. |
| 24 | CVE-2014-2497 | 476 | | DoS | 2014-03-21 | 2022-09-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. |
| 25 | CVE-2014-2270 | 119 | | DoS Overflow | 2014-03-14 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. |
| 26 | CVE-2014-2020 | 189 | | +Info | 2014-02-18 | 2014-03-08 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. |
| 27 | CVE-2014-1943 | 755 | | DoS | 2014-02-18 | 2022-10-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file. |
| 28 | CVE-2014-0238 | 119 | | DoS Overflow | 2014-06-01 | 2022-10-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. |
| 29 | CVE-2014-0237 | 399 | | DoS | 2014-06-01 | 2023-01-19 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. |
| 30 | CVE-2014-0207 | 119 | | DoS Overflow | 2014-07-09 | 2022-09-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. |
| 31 | CVE-2014-0185 | 269 | | +Priv | 2014-05-06 | 2022-08-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. |
| 32 | CVE-2013-7345 | | | DoS | 2014-03-24 | 2022-10-31 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. |
| 33 | CVE-2013-7328 | 189 | | DoS +Info | 2014-02-18 | 2014-03-08 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial |
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a different vulnerability than CVE-2013-7226. |
| 34 | CVE-2013-7327 | 20 | | DoS | 2014-02-18 | 2016-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. |
| 35 | CVE-2013-7226 | 189 | | DoS Overflow | 2014-02-18 | 2017-08-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer overflow. |
| 36 | CVE-2012-1171 | 200 | | Bypass +Info | 2014-02-15 | 2014-02-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. |