CVE-2016-10162
- EPSS 5.88%
- Veröffentlicht 24.01.2017 21:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacke...
CVE-2016-7479
- EPSS 41.94%
- Veröffentlicht 12.01.2017 00:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
CVE-2016-7480
- EPSS 41.56%
- Veröffentlicht 11.01.2017 07:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access)...
CVE-2016-7478
- EPSS 42.4%
- Veröffentlicht 11.01.2017 06:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2017-5340
- EPSS 16.69%
- Veröffentlicht 11.01.2017 06:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory a...
CVE-2014-9912
- EPSS 4.95%
- Veröffentlicht 04.01.2017 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp component, which allows remote attackers to cause ...
CVE-2016-9137
- EPSS 5.36%
- Veröffentlicht 04.01.2017 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data ...
CVE-2016-9138
- EPSS 3.86%
- Veröffentlicht 04.01.2017 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated b...
CVE-2016-9934
- EPSS 6.85%
- Veröffentlicht 04.01.2017 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
CVE-2016-9935
- EPSS 7.03%
- Veröffentlicht 04.01.2017 20:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty bo...