Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD787EF75E-44DA-11E5-93AD-002590263BF5
HistoryAug 06, 2015 - 12:00 a.m.

php5 -- multiple vulnerabilities

2015-08-0600:00:00
vuxml.freebsd.org
13

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.022 Low

EPSS

Percentile

89.5%

JSON

The PHP project reports:

Core:

Fixed bug #69793 (Remotely triggerable stack exhaustion via
recursive method calls).
Fixed bug #70121 (unserialize() could lead to unexpected methods
execution / NULL pointer deref).

OpenSSL:

Fixed bug #70014 (openssl_random_pseudo_bytes() is not
cryptographically secure).

Phar:

Improved fix for bug #69441.
Fixed bug #70019 (Files extracted from archive may be placed
outside of destination directory).

SOAP:

Fixed bug #70081 (SoapClient info leak / null pointer
dereference via multiple type confusions).

SPL:

Fixed bug #70068 (Dangling pointer in the unserialization of
ArrayObject items).
Fixed bug #70166 (Use After Free Vulnerability in unserialize()
with SPLArrayObject).
Fixed bug #70168 (Use After Free Vulnerability in unserialize()
with SplObjectStorage).
Fixed bug #70169 (Use After Free Vulnerability in unserialize()
with SplDoublyLinkedList).

Related

openvas 16
nessus 22
amazon 3
suse 4
osv 3
debian 1
hackerone 3
ubuntucve 4
cvelist 4
cve 4
prion 4
nvd 4
kaspersky 2
ubuntu 1
veracode 11
redhatcve 1
redhat 1
thn 1
gentoo 1
ibm 1
cloudlinux 1
rosalinux 1
openvas
openvas
PHP Multiple Vulnerabilities - 01 (Mar 2016) - Linux
2016-03-01 00:00:00
PHP Multiple Vulnerabilities - 01 (Mar 2016) - Windows
2016-03-01 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-583)
2015-09-08 00:00:00
nessus
nessus
FreeBSD : php5 -- multiple vulnerabilities (787ef75e-44da-11e5-93ad-002590263bf5)
2015-08-18 00:00:00
PHP 5.4.x < 5.4.44 Multiple Vulnerabilities
2015-08-11 00:00:00
Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)
2015-08-18 00:00:00
amazon
amazon
Medium: php56
2015-08-17 12:46:00
Medium: php55
2015-08-17 12:41:00
Medium: php54
2015-08-17 12:39:00
suse
suse
Security update for php5 (important)
2015-09-25 11:09:46
Security update for php5 (important)
2015-09-25 15:09:56
Security update for php53 (important)
2015-10-26 15:09:54
osv
osv
php5 - security update
2015-08-27 00:00:00
php5 - security update
2015-11-08 00:00:00
CVE-2016-4473
2017-06-08 20:29:00
debian
debian
[SECURITY] [DLA 341-1] php5 security update
2015-11-08 18:51:20
hackerone
hackerone
Internet Bug Bounty: Dangling pointer in the unserialization of ArrayObject items
2015-07-13 00:00:00
Internet Bug Bounty: Files extracted from archive may be placed outside of destination directory
2015-07-08 00:00:00
Internet Bug Bounty: Multiple Use After Free Vulnerabilites in unserialize()
2015-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2015-6833
2015-08-27 00:00:00
CVE-2015-6832
2015-08-27 00:00:00
CVE-2015-6831
2015-08-27 00:00:00
cvelist
cvelist
CVE-2015-6833
2016-01-19 02:00:00
CVE-2015-6832
2016-01-19 02:00:00
CVE-2015-6831
2016-01-19 02:00:00
cve
cve
CVE-2015-6832
2016-01-19 05:59:03
CVE-2015-6833
2016-01-19 05:59:04
CVE-2015-6831
2016-01-19 05:59:02
prion
prion
Directory traversal
2016-01-19 05:59:00
Design/Logic Flaw
2016-01-19 05:59:00
Design/Logic Flaw
2016-01-19 05:59:00
nvd
nvd
CVE-2015-6832
2016-01-19 05:59:03
CVE-2015-6833
2016-01-19 05:59:04
CVE-2015-6831
2016-01-19 05:59:02
kaspersky
kaspersky
KLA10747 Obsolete PHP version in XAMPP & WAMP
2016-01-19 00:00:00
KLA10746 Multiple vulnerabilities in PHP
2016-01-19 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2015-09-30 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:27:42
Use After Free
2019-05-02 05:27:42
Denial Of Service (DoS)
2019-05-02 05:27:42
redhatcve
redhatcve
CVE-2016-4473
2016-08-22 20:48:41
redhat
redhat
(RHSA-2016:0457) Moderate: rh-php56-php security update
2016-03-15 00:00:00
thn
thn
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
2016-12-28 23:45:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2016-06-19 00:00:00
ibm
ibm
Security Bulletin: IBM Tealeaf Customer Experience PCA Web UI PHP security issues
2018-06-16 19:50:01
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.022 Low

EPSS

Percentile

89.5%

JSON
Related for 787EF75E-44DA-11E5-93AD-002590263BF5
openvas16nessus22amazon3suse4osv3debian1hackerone3ubuntucve4cvelist4cve4prion4nvd4kaspersky2ubuntu1veracode11redhatcve1redhat1thn1gentoo1ibm1cloudlinux1rosalinux1