|
273611
|
7.5 |
HIGH
Network
|
libgd
php
|
libgd
php
|
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows …
|
CWE-399
Resource Management Errors
|
CVE-2015-8877
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273612
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL…
|
NVD-CWE-Other
|
CVE-2015-8876
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273613
|
7.5 |
HIGH
Network
|
php
canonical
|
php
ubuntu_linux
|
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, w…
|
CWE-310
Cryptographic Issues
|
CVE-2015-8867
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273614
|
6.1 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored…
|
CWE-79
Cross-site Scripting
|
CVE-2015-8834
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273615
|
9.6 |
CRITICAL
Network
|
php
canonical
suse
opensuse
|
php
ubuntu_linux
linux_enterprise_software_development_kit
linux_enterprise_module_for_web_scripting
leap
opensuse
|
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote att…
|
CWE-611
XXE
|
CVE-2015-8866
|
2024-11-21 11:39 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273616
|
7.3 |
HIGH
Local
|
php
apple
|
php
mac_os_x
|
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, whi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8865
|
2024-11-21 11:39 |
2016-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273617
|
7.5 |
HIGH
Network
|
opensuse
php
|
leap
php
|
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2015-8874
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273618
|
7.5 |
HIGH
Network
|
php
opensuse
|
php
leap
|
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) …
|
CWE-20
Improper Input Validation
|
CVE-2015-8873
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273619
|
5.9 |
MEDIUM
Network
|
php
|
php
|
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof serve…
|
CWE-284
Improper Access Control
|
CVE-2015-8838
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273620
|
9.8 |
CRITICAL
Network
|
php
|
php
|
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a…
|
NVD-CWE-Other
|
CVE-2015-8835
|
2024-11-21 11:39 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
