| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-10159 | 5.0 |
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PH
|
29-08-2022 - 20:43 | 24-01-2017 - 21:59 | |
| CVE-2016-10160 | 7.5 |
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archiv
|
20-07-2022 - 16:58 | 24-01-2017 - 21:59 | |
| CVE-2017-5340 | 7.5 |
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory a
|
20-07-2022 - 16:46 | 11-01-2017 - 06:59 | |
| CVE-2016-7479 | 7.5 |
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
|
04-05-2018 - 01:29 | 12-01-2017 - 00:59 | |
| CVE-2016-10168 | 6.8 |
Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.
|
04-05-2018 - 01:29 | 15-03-2017 - 15:59 | |
| CVE-2016-10162 | 5.0 |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacke
|
04-05-2018 - 01:29 | 24-01-2017 - 21:59 | |
| CVE-2016-10167 | 4.3 |
The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
|
04-05-2018 - 01:29 | 15-03-2017 - 15:59 | |
| CVE-2016-10158 | 5.0 |
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divid
|
04-05-2018 - 01:29 | 24-01-2017 - 21:59 | |
| CVE-2016-10161 | 5.0 |
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data
|
04-05-2018 - 01:29 | 24-01-2017 - 21:59 |