Filtered by vendor Php
Subscribe
Total
737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7479 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. | |||||
CVE-2016-7478 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. | |||||
CVE-2016-7418 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. | |||||
CVE-2016-7417 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data. | |||||
CVE-2016-7416 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument. | |||||
CVE-2016-7414 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c. | |||||
CVE-2016-7413 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. | |||||
CVE-2016-7412 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata. | |||||
CVE-2016-7411 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object. | |||||
CVE-2016-7405 | 3 Adodb Project, Fedoraproject, Php | 3 Adodb, Fedora, Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | |||||
CVE-2016-7398 | 1 Php | 1 Ext-http | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP requests. | |||||
CVE-2016-7134 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overflow) or possibly have unspecified other impact via a long string that is mishandled in a curl_escape call. | |||||
CVE-2016-7133 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. | |||||
CVE-2016-7132 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. | |||||
CVE-2016-7131 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character. | |||||
CVE-2016-7130 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document. | |||||
CVE-2016-7129 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deserialize call that mishandles a dateTime element in a wddxPacket XML document. | |||||
CVE-2016-7128 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. | |||||
CVE-2016-7127 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments. | |||||
CVE-2016-7126 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have unspecified other impact via a large value in the third argument. |