The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
|27897||Ubuntu 5.04 / 5.10 / 6.06 LTS : php4, php5 vulnerabilities (USN-320-1)||Nessus||Ubuntu Local Security Checks|
|22268||PHP < 4.4.3 / 5.1.4 Multiple Vulnerabilities||Nessus||CGI abuses|
|21897||CentOS 3 / 4 : php (CESA-2006:0276)||Nessus||CentOS Local Security Checks|
|21350||GLSA-200605-08 : PHP: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|21287||RHEL 3 / 4 : php (RHSA-2006:0276)||Nessus||Red Hat Local Security Checks|
|21178||Mandrake Linux Security Advisory : php (MDKSA-2006:063)||Nessus||Mandriva Local Security Checks|