| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-7480 | 7.5 |
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access)
|
20-07-2022 - 16:47 | 11-01-2017 - 07:59 | |
| CVE-2016-7479 | 7.5 |
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
|
04-05-2018 - 01:29 | 12-01-2017 - 00:59 | |
| CVE-2016-7478 | 5.0 |
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. <a href="http:/
|
14-01-2018 - 02:29 | 11-01-2017 - 06:59 |