Total
706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7134 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call. | |||||
CVE-2016-7133 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. | |||||
CVE-2016-7132 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. | |||||
CVE-2016-7131 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. | |||||
CVE-2016-7130 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | |||||
CVE-2016-7129 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document. | |||||
CVE-2016-7128 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | |||||
CVE-2016-7127 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. | |||||
CVE-2016-7126 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. | |||||
CVE-2016-7125 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection. | |||||
CVE-2016-7124 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. | |||||
CVE-2016-6297 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip:// URL. | |||||
CVE-2016-6296 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. | |||||
CVE-2016-6295 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. | |||||
CVE-2016-6294 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long argument. | |||||
CVE-2016-6292 | 1 Php | 1 Php | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. | |||||
CVE-2016-6291 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have unspecified other impact via a crafted JPEG image. | |||||
CVE-2016-6290 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. | |||||
CVE-2016-6289 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a ZIP archive. | |||||
CVE-2016-6288 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. |