Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-5399 | 6.8 |
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
|
12-02-2023 - 23:23 | 21-04-2017 - 20:59 | |
CVE-2016-6290 | 7.5 |
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified o
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6291 | 7.5 |
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive in
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6297 | 6.8 |
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspeci
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6288 | 7.5 |
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6294 | 7.5 |
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers t
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6289 | 6.8 |
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecifie
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6296 | 7.5 |
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffe
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6295 | 7.5 |
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and applicatio
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 | |
CVE-2016-6292 | 4.3 |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
|
05-01-2018 - 02:31 | 25-07-2016 - 14:59 |