CVE-2016-5420
- EPSS 14.6%
- Veröffentlicht 10.08.2016 14:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a diffe...
CVE-2016-5419
- EPSS 15.06%
- Veröffentlicht 10.08.2016 14:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
CVE-2013-7458
- EPSS 0.48%
- Veröffentlicht 10.08.2016 14:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVE-2016-4029
- EPSS 4.57%
- Veröffentlicht 07.08.2016 16:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
CVE-2016-6128
- EPSS 6.81%
- Veröffentlicht 07.08.2016 10:59:22
- Zuletzt bearbeitet 06.05.2026 22:30:45
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index.
CVE-2016-5772
- EPSS 9.67%
- Veröffentlicht 07.08.2016 10:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execu...
CVE-2016-5771
- EPSS 15.48%
- Veröffentlicht 07.08.2016 10:59:19
- Zuletzt bearbeitet 06.05.2026 22:30:45
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-a...
CVE-2016-5770
- EPSS 7.34%
- Veröffentlicht 07.08.2016 10:59:18
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large inte...
CVE-2016-5766
- EPSS 7.5%
- Veröffentlicht 07.08.2016 10:59:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based ...
CVE-2016-5116
- EPSS 3.81%
- Veröffentlicht 07.08.2016 10:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer ...