PHP 5.4.39
Approved changes feed: RSS · Atom
cpe:2.3:a:php:php:5.4.39:*:*:*:*:*:*:*
part: a version: 5.4.39 update: *
| Vendor | Php (9aec2613-7a27-5ce5-8ac7-140851d8da4c) |
|---|---|
| Product | Php (38640b93-5029-5cca-a025-ab7d01c98b51) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/php/php-src |
purl2cpe | 2026-06-01 10:17:42.512801 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2016-7478 |
vulnerable | 2026-06-03 14:36:07.931422 |
Details available
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
Published: 2017-01-11T06:02:00.000Z
Updated: 2024-08-06T01:57:47.681Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4026 |
vulnerable | 2026-06-03 14:34:51.004360 |
Details available
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Published: 2015-06-09T18:00:00.000Z
Updated: 2024-08-06T06:04:02.379Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4025 |
vulnerable | 2026-06-03 14:34:51.002413 |
Details available
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
Published: 2015-06-09T18:00:00.000Z
Updated: 2024-08-06T06:04:02.539Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4024 |
vulnerable | 2026-06-03 14:34:51.000506 |
Details available
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
Published: 2015-06-09T18:00:00.000Z
Updated: 2024-08-06T06:04:02.812Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4022 |
vulnerable | 2026-06-03 14:34:50.998554 |
Details available
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.
Published: 2015-06-09T18:00:00.000Z
Updated: 2024-08-06T06:04:02.660Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4021 |
vulnerable | 2026-06-03 14:34:50.990600 |
Details available
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
Published: 2015-06-09T18:00:00.000Z
Updated: 2024-08-06T06:04:02.980Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.