Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-5766 6.8
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
22-04-2019 - 17:48 07-08-2016 - 10:59
CVE-2016-1238 7.2
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpa
16-12-2018 - 11:29 02-08-2016 - 14:59
CVE-2016-4544 7.5
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly h
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4543 7.5
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have uns
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4542 7.5
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or po
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4541 7.5
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact vi
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4540 7.5
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4539 7.5
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other imp
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4538 7.5
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows rem
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4537 7.5
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified ot
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2016-4342 8.3
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other im
30-10-2018 - 16:27 22-05-2016 - 01:59
CVE-2015-8874 5.0
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
30-10-2018 - 16:27 16-05-2016 - 10:59
CVE-2016-3074 7.5
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflo
09-10-2018 - 19:59 26-04-2016 - 14:59
CVE-2014-4330 2.1
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers
09-10-2018 - 19:49 30-09-2014 - 16:55
CVE-2015-8865 7.5
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a de
30-06-2018 - 01:29 20-05-2016 - 10:59
CVE-2015-8853 5.0
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
02-05-2018 - 01:29 25-05-2016 - 15:59
CVE-2016-5773 7.5
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5772 7.5
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5771 7.5
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5770 7.5
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5768 7.5
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial o
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5767 6.8
Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based
05-01-2018 - 02:31 07-08-2016 - 10:59
CVE-2016-5114 6.4
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (
05-01-2018 - 02:30 07-08-2016 - 10:59
CVE-2016-5096 7.5
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
05-01-2018 - 02:30 07-08-2016 - 10:59
CVE-2016-5094 7.5
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string
05-01-2018 - 02:30 07-08-2016 - 10:59
CVE-2016-5093 7.5
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-
05-01-2018 - 02:30 07-08-2016 - 10:59
CVE-2016-4343 6.8
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service (uninitialized pointer dereference) or possibly ha
05-01-2018 - 02:30 22-05-2016 - 01:59
CVE-2016-4073 7.5
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute
05-01-2018 - 02:30 20-05-2016 - 11:00
CVE-2016-4072 7.5
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar
05-01-2018 - 02:30 20-05-2016 - 11:00
CVE-2016-4071 7.5
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.
05-01-2018 - 02:30 20-05-2016 - 11:00
CVE-2016-4070 5.0
** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the
05-01-2018 - 02:30 20-05-2016 - 11:00
CVE-2016-2554 10.0
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive
05-01-2018 - 02:30 16-05-2016 - 10:59
CVE-2016-1903 6.4
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and app
05-01-2018 - 02:30 19-01-2016 - 05:59
CVE-2015-8391 9.0
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as
05-01-2018 - 02:30 02-12-2015 - 01:59
CVE-2015-8386 7.5
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expr
05-01-2018 - 02:30 02-12-2015 - 01:59
CVE-2015-8383 7.5
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript
05-01-2018 - 02:30 02-12-2015 - 01:59
CVE-2013-7456 6.8
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified ot
05-01-2018 - 02:29 07-08-2016 - 10:59
CVE-2016-2381 5.0
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
20-10-2017 - 01:29 08-04-2016 - 15:59
CVE-2015-8607 7.5
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted st
09-08-2017 - 01:29 13-01-2016 - 15:59
CVE-2015-8394 7.5
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a
01-07-2017 - 01:29 02-12-2015 - 01:59
CVE-2015-8393 5.0
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.
01-07-2017 - 01:29 02-12-2015 - 01:59
CVE-2015-8390 7.5
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstra
01-07-2017 - 01:29 02-12-2015 - 01:59
CVE-2015-8389 7.5
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated
01-07-2017 - 01:29 02-12-2015 - 01:59
CVE-2015-8387 7.5
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrate
01-07-2017 - 01:29 02-12-2015 - 01:59
CVE-2016-5769 7.5
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have uns
28-11-2016 - 20:29 07-08-2016 - 10:59
Back to Top Mark selected
Back to Top