Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-4070 | 5.0 |
Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode f
|
06-08-2024 - 01:15 | 20-05-2016 - 11:00 | |
CVE-2015-3210 | 7.5 |
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerabi
|
20-12-2023 - 18:28 | 13-12-2016 - 16:59 | |
CVE-2015-8391 | 9.0 |
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
CVE-2015-8386 | 7.5 |
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expr
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
CVE-2015-8383 | 7.5 |
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
CVE-2016-5399 | 6.8 |
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
|
12-02-2023 - 23:23 | 21-04-2017 - 20:59 | |
CVE-2015-8873 | 5.0 |
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.
|
05-11-2022 - 02:08 | 16-05-2016 - 10:59 | |
CVE-2015-8879 | 5.0 |
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging us
|
29-08-2022 - 20:43 | 22-05-2016 - 01:59 | |
CVE-2016-6207 | 4.3 |
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vecto
|
29-08-2022 - 20:04 | 12-08-2016 - 15:59 | |
CVE-2016-3074 | 7.5 |
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflo
|
20-07-2022 - 16:57 | 26-04-2016 - 14:59 | |
CVE-2016-4544 | 7.5 |
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly h
|
20-07-2022 - 16:55 | 22-05-2016 - 01:59 | |
CVE-2016-5770 | 7.5 |
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
|
20-07-2022 - 16:54 | 07-08-2016 - 10:59 | |
CVE-2016-5771 | 7.5 |
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
|
20-07-2022 - 16:52 | 07-08-2016 - 10:59 | |
CVE-2016-5772 | 7.5 |
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
|
20-07-2022 - 16:49 | 07-08-2016 - 10:59 | |
CVE-2015-8866 | 6.8 |
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML
|
20-07-2022 - 16:32 | 22-05-2016 - 01:59 | |
CVE-2016-4343 | 6.8 |
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly ha
|
20-07-2022 - 16:31 | 22-05-2016 - 01:59 | |
CVE-2016-7126 | 7.5 |
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-boun
|
16-11-2020 - 19:43 | 12-09-2016 - 01:59 | |
CVE-2016-7131 | 5.0 |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is
|
16-11-2020 - 19:41 | 12-09-2016 - 01:59 | |
CVE-2016-7132 | 5.0 |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is
|
16-11-2020 - 19:26 | 12-09-2016 - 01:59 | |
CVE-2016-6128 | 5.0 |
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
|
16-11-2020 - 19:24 | 07-08-2016 - 10:59 | |
CVE-2015-8388 | 7.5 |
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via
|
27-12-2019 - 16:08 | 02-12-2015 - 01:59 | |
CVE-2015-8385 | 7.5 |
PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted
|
27-12-2019 - 16:08 | 02-12-2015 - 01:59 | |
CVE-2015-2328 | 7.5 |
PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular exp
|
27-12-2019 - 16:08 | 02-12-2015 - 01:59 | |
CVE-2016-5766 | 6.8 |
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
|
22-04-2019 - 17:48 | 07-08-2016 - 10:59 | |
CVE-2015-8867 | 5.0 |
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat
|
14-02-2019 - 18:53 | 22-05-2016 - 01:59 | |
CVE-2015-8876 | 7.5 |
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trig
|
14-02-2019 - 18:48 | 22-05-2016 - 01:59 | |
CVE-2016-4538 | 7.5 |
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows rem
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2015-8874 | 5.0 |
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
|
30-10-2018 - 16:27 | 16-05-2016 - 10:59 | |
CVE-2016-4539 | 7.5 |
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other imp
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2016-4542 | 7.5 |
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or po
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2016-4537 | 7.5 |
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified ot
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2016-4342 | 8.3 |
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other im
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2016-4541 | 7.5 |
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact vi
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2016-4543 | 7.5 |
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have uns
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2016-4540 | 7.5 |
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
CVE-2015-8865 | 7.5 |
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a de
|
30-06-2018 - 01:29 | 20-05-2016 - 10:59 | |
CVE-2015-5073 | 6.4 |
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection me
|
18-05-2018 - 01:29 | 13-12-2016 - 16:59 | |
CVE-2015-3217 | 5.0 |
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_]
|
18-05-2018 - 01:29 | 13-12-2016 - 16:59 | |
CVE-2016-6290 | 7.5 |
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified o
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6291 | 7.5 |
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive in
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6297 | 6.8 |
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspeci
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-7129 | 7.5 |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, a
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
CVE-2016-6288 | 7.5 |
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-5773 | 7.5 |
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2016-5768 | 7.5 |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2016-6294 | 7.5 |
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-5767 | 6.8 |
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
CVE-2016-7127 | 7.5 |
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impa
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
CVE-2016-7125 | 5.0 |
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as dem
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
CVE-2016-6289 | 6.8 |
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecifie
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6296 | 7.5 |
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6295 | 7.5 |
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and applicatio
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6292 | 4.3 |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-7130 | 5.0 |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an inv
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
CVE-2016-7124 | 7.5 |
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
CVE-2016-7128 | 5.0 |
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memor
|
05-01-2018 - 02:31 | 12-09-2016 - 01:59 | |
CVE-2015-8835 | 7.5 |
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type
|
05-01-2018 - 02:30 | 16-05-2016 - 10:59 | |
CVE-2015-8935 | 4.3 |
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XS
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
CVE-2016-5096 | 7.5 |
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
CVE-2015-8395 | 7.5 |
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konque
|
05-01-2018 - 02:30 | 02-12-2015 - 01:59 | |
CVE-2016-5093 | 7.5 |
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
CVE-2015-8877 | 5.0 |
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memo
|
05-01-2018 - 02:30 | 22-05-2016 - 01:59 | |
CVE-2016-5114 | 6.4 |
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
CVE-2015-8384 | 7.5 |
PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a
|
05-01-2018 - 02:30 | 02-12-2015 - 01:59 | |
CVE-2016-5094 | 7.5 |
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
CVE-2015-8392 | 7.5 |
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as d
|
05-01-2018 - 02:30 | 02-12-2015 - 01:59 | |
CVE-2015-8381 | 7.5 |
The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak
|
05-01-2018 - 02:30 | 02-12-2015 - 01:59 | |
CVE-2016-4071 | 7.5 |
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
|
05-01-2018 - 02:30 | 20-05-2016 - 11:00 | |
CVE-2016-2554 | 10.0 |
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive
|
05-01-2018 - 02:30 | 16-05-2016 - 10:59 | |
CVE-2016-4072 | 7.5 |
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar
|
05-01-2018 - 02:30 | 20-05-2016 - 11:00 | |
CVE-2016-4073 | 7.5 |
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute
|
05-01-2018 - 02:30 | 20-05-2016 - 11:00 | |
CVE-2016-1903 | 6.4 |
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and app
|
05-01-2018 - 02:30 | 19-01-2016 - 05:59 | |
CVE-2016-3142 | 6.4 |
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application c
|
05-01-2018 - 02:30 | 31-03-2016 - 16:59 | |
CVE-2016-3141 | 7.5 |
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by trig
|
05-01-2018 - 02:30 | 31-03-2016 - 16:59 | |
CVE-2015-2327 | 7.5 |
PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other i
|
05-01-2018 - 02:30 | 02-12-2015 - 01:59 | |
CVE-2014-9767 | 4.3 |
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary
|
05-01-2018 - 02:29 | 22-05-2016 - 01:59 | |
CVE-2013-7456 | 6.8 |
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified ot
|
05-01-2018 - 02:29 | 07-08-2016 - 10:59 | |
CVE-2016-4473 | 7.5 |
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833.
|
16-06-2017 - 12:47 | 08-06-2017 - 20:29 |