Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-7480 | 7.5 |
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access)
|
20-07-2022 - 16:47 | 11-01-2017 - 07:59 | |
CVE-2016-10087 | 5.0 |
The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text c
|
29-06-2021 - 15:15 | 30-01-2017 - 22:59 | |
CVE-2004-2134 | 4.6 |
Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
|
19-10-2018 - 15:30 | 28-01-2004 - 05:00 | |
CVE-2016-7479 | 7.5 |
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
|
04-05-2018 - 01:29 | 12-01-2017 - 00:59 | |
CVE-2016-7478 | 5.0 |
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876. <a href="http:/
|
14-01-2018 - 02:29 | 11-01-2017 - 06:59 | |
CVE-2016-9813 | 4.3 |
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
|
05-01-2018 - 02:31 | 13-01-2017 - 16:59 | |
CVE-2017-10974 | 5.0 |
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was appa
|
14-07-2017 - 16:47 | 07-07-2017 - 11:29 | |
CVE-2016-8934 | 3.5 |
IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t
|
09-02-2017 - 21:33 | 01-02-2017 - 20:59 | |
CVE-2016-8227 | 7.2 |
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
|
28-01-2017 - 02:59 | 26-01-2017 - 17:59 | |
CVE-2016-9891 | 3.5 |
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
|
03-01-2017 - 18:39 | 29-12-2016 - 18:59 |