CVE-2015-8879
- EPSS 3.42%
- Veröffentlicht 22.05.2016 01:59:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging us...
CVE-2015-8878
- EPSS 1.25%
- Veröffentlicht 22.05.2016 01:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote attackers to cause a denial of service (race condition and heap memory corruption) by leveraging an application that perfor...
CVE-2015-8877
- EPSS 3.65%
- Veröffentlicht 22.05.2016 01:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memo...
CVE-2015-8876
- EPSS 7.71%
- Veröffentlicht 22.05.2016 01:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trig...
CVE-2015-8867
- EPSS 4.35%
- Veröffentlicht 22.05.2016 01:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat...
CVE-2015-8866
- EPSS 4.03%
- Veröffentlicht 22.05.2016 01:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML...
CVE-2014-9767
- EPSS 4.54%
- Veröffentlicht 22.05.2016 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary ...
CVE-2016-4073
- EPSS 7.29%
- Veröffentlicht 20.05.2016 11:00:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute...
CVE-2016-4072
- EPSS 5.93%
- Veröffentlicht 20.05.2016 11:00:16
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar...
CVE-2016-4071
- EPSS 19.46%
- Veröffentlicht 20.05.2016 11:00:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.