| Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-4070 | 5.0 |
Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode f
|
11-04-2024 - 00:55 | 20-05-2016 - 11:00 | |
| CVE-2016-1238 | 7.2 |
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpa
|
22-09-2023 - 16:58 | 02-08-2016 - 14:59 | |
| CVE-2015-8391 | 9.0 |
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8394 | 7.5 |
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8386 | 7.5 |
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expr
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8390 | 7.5 |
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstra
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8389 | 7.5 |
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8383 | 7.5 |
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8393 | 5.0 |
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2015-8387 | 7.5 |
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrate
|
16-02-2023 - 14:15 | 02-12-2015 - 01:59 | |
| CVE-2016-3074 | 7.5 |
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflo
|
20-07-2022 - 16:57 | 26-04-2016 - 14:59 | |
| CVE-2016-4544 | 7.5 |
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly h
|
20-07-2022 - 16:55 | 22-05-2016 - 01:59 | |
| CVE-2016-5770 | 7.5 |
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
|
20-07-2022 - 16:54 | 07-08-2016 - 10:59 | |
| CVE-2016-5771 | 7.5 |
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
|
20-07-2022 - 16:52 | 07-08-2016 - 10:59 | |
| CVE-2016-5772 | 7.5 |
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
|
20-07-2022 - 16:49 | 07-08-2016 - 10:59 | |
| CVE-2016-4343 | 6.8 |
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly ha
|
20-07-2022 - 16:31 | 22-05-2016 - 01:59 | |
| CVE-2016-2381 | 5.0 |
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
|
10-09-2020 - 13:20 | 08-04-2016 - 15:59 | |
| CVE-2015-8607 | 7.5 |
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted st
|
15-07-2020 - 03:15 | 13-01-2016 - 15:59 | |
| CVE-2016-5766 | 6.8 |
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
|
22-04-2019 - 17:48 | 07-08-2016 - 10:59 | |
| CVE-2016-4538 | 7.5 |
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows rem
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2015-8874 | 5.0 |
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
|
30-10-2018 - 16:27 | 16-05-2016 - 10:59 | |
| CVE-2016-4539 | 7.5 |
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other imp
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2016-4542 | 7.5 |
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or po
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2016-4537 | 7.5 |
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified ot
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2016-4342 | 8.3 |
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other im
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2016-4541 | 7.5 |
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact vi
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2016-4543 | 7.5 |
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have uns
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2016-4540 | 7.5 |
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v
|
30-10-2018 - 16:27 | 22-05-2016 - 01:59 | |
| CVE-2014-4330 | 2.1 |
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers
|
09-10-2018 - 19:49 | 30-09-2014 - 16:55 | |
| CVE-2015-8865 | 7.5 |
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a de
|
30-06-2018 - 01:29 | 20-05-2016 - 10:59 | |
| CVE-2015-8853 | 5.0 |
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
|
02-05-2018 - 01:29 | 25-05-2016 - 15:59 | |
| CVE-2016-5773 | 7.5 |
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
| CVE-2016-5768 | 7.5 |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
| CVE-2016-5767 | 6.8 |
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
|
05-01-2018 - 02:31 | 07-08-2016 - 10:59 | |
| CVE-2016-5096 | 7.5 |
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
| CVE-2016-5093 | 7.5 |
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
| CVE-2016-5114 | 6.4 |
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
| CVE-2016-5094 | 7.5 |
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string
|
05-01-2018 - 02:30 | 07-08-2016 - 10:59 | |
| CVE-2016-4071 | 7.5 |
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
|
05-01-2018 - 02:30 | 20-05-2016 - 11:00 | |
| CVE-2016-2554 | 10.0 |
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive
|
05-01-2018 - 02:30 | 16-05-2016 - 10:59 | |
| CVE-2016-4072 | 7.5 |
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar
|
05-01-2018 - 02:30 | 20-05-2016 - 11:00 | |
| CVE-2016-4073 | 7.5 |
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute
|
05-01-2018 - 02:30 | 20-05-2016 - 11:00 | |
| CVE-2016-1903 | 6.4 |
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and app
|
05-01-2018 - 02:30 | 19-01-2016 - 05:59 | |
| CVE-2013-7456 | 6.8 |
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified ot
|
05-01-2018 - 02:29 | 07-08-2016 - 10:59 | |
| CVE-2016-5769 | 7.5 |
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have uns
|
28-11-2016 - 20:29 | 07-08-2016 - 10:59 |