|
267661
|
7.5 |
HIGH
Network
|
php
|
php
|
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7132
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267662
|
7.5 |
HIGH
Network
|
php
|
php
|
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7131
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267663
|
7.5 |
HIGH
Network
|
php
|
php
|
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7130
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267664
|
9.8 |
CRITICAL
Network
|
php
|
php
|
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified…
|
CWE-20
Improper Input Validation
|
CVE-2016-7129
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267665
|
5.3 |
MEDIUM
Network
|
php
|
php
|
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers…
|
CWE-200
Information Exposure
|
CVE-2016-7128
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267666
|
9.8 |
CRITICAL
Network
|
php
|
php
|
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bo…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7127
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267667
|
9.8 |
CRITICAL
Network
|
php
|
php
|
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of serv…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7126
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267668
|
7.5 |
HIGH
Network
|
php
|
php
|
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session d…
|
CWE-74
Injection
|
CVE-2016-7125
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267669
|
9.8 |
CRITICAL
Network
|
php
|
php
|
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-7124
|
2024-11-21 11:57 |
2016-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267670
|
8.8 |
HIGH
Network
|
google
|
chrome
|
SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, does not properly validate the return values of ChopMonoAtY calls, which allows …
|
CWE-19
Data Processing Errors
|
CVE-2016-7395
|
2024-11-21 11:57 |
2016-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
