CVSS: 9.8EPSS: 8%CPEs: 40EXPL: 0CVE-2016-6290 – php: Use after free in unserialize() with Unexpected Session Deserialization
https://notcve.org/view.php?id=CVE-2016-6290
25 Jul 2016 — ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. ext/session/session.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 no mantiene correctamente una determinada estructura de datos ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=3798eb6fd5dddb211b01d41495072fd9858d4e32 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 6%CPEs: 40EXPL: 1CVE-2016-6292 – php: Null pointer dereference in exif_process_user_comment
https://notcve.org/view.php?id=CVE-2016-6292
25 Jul 2016 — The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. La función exif_process_user_comment en ext/exif/exif.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NU... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=41131cd41d2fd2e0c2f332a27988df75659c42e4 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 8%CPEs: 6EXPL: 0CVE-2016-6207 – php,gd: Integer overflow error within _gdContributionsAlloc()
https://notcve.org/view.php?id=CVE-2016-6207
22 Jul 2016 — Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. Desbordamiento de entero en la función _gdContributionsAlloc en gd_interpolation.c en GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegación de servicio (escritura de memoria fuera ... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 18%CPEs: 3EXPL: 6CVE-2016-5399 – PHP 5.5.37/5.6.23/7.0.8 - 'bzread()' Out-of-Bounds Write
https://notcve.org/view.php?id=CVE-2016-5399
21 Jul 2016 — The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive. La función bzread en ext/bz2/bz2.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24, y 7.x en versiones anteriores a 7.0.9 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites) o ejecutar código arbitrario a travé... • https://packetstorm.news/files/id/137998 • CWE-390: Detection of Error Condition Without Action CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 79%CPEs: 21EXPL: 0CVE-2016-5385 – PHP: sets environmental variable based on user supplied Proxy request header
https://notcve.org/view.php?id=CVE-2016-5385
19 Jul 2016 — PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issu... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00003.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 11%CPEs: 9EXPL: 0CVE-2016-6128 – gd: Invalid color index not properly handled
https://notcve.org/view.php?id=CVE-2016-6128
11 Jul 2016 — The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. La función gdImageCropThreshold en gd_crop.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a trav... • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 16%CPEs: 6EXPL: 1CVE-2016-5770 – php: Int/size_t confusion in SplFileObject::fread
https://notcve.org/view.php?id=CVE-2016-5770
26 Jun 2016 — Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. Desbordamiento de entero en la función SplFileObject::fread en spl_directory.c en la extensión SPL en PHP en versiones anteriores a 5.5.37 y 5.6.x en versiones anteriores 5.6.23 permite a atacantes remotos provocar... • http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1 • CWE-190: Integer Overflow or Wraparound CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 16%CPEs: 40EXPL: 1CVE-2016-5768 – php: Double free in _php_mb_regex_ereg_replace_exec
https://notcve.org/view.php?id=CVE-2016-5768
26 Jun 2016 — Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. Vulnerabilidad de liberación doble en la función _php_mb_regex_ereg_replace_exec en php_mbregex.c en la extensión mbstring en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a ... • http://github.com/php/php-src/commit/5b597a2e5b28e2d5a52fc1be13f425f08f47cb62?w=1 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 41EXPL: 0CVE-2016-5767 – gd: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow
https://notcve.org/view.php?id=CVE-2016-5767
26 Jun 2016 — Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions. Desbordamiento de entero en la función gdImageCreate en gd.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.0.34... • http://github.com/php/php-src/commit/c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6?w=1 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 20%CPEs: 6EXPL: 1CVE-2016-5771 – php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://notcve.org/view.php?id=CVE-2016-5771
26 Jun 2016 — spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. spl_array.c en la extension SPL en PHP en versiones anteriores a 5.5.37 y 5.6.x en versiones anteriores a 5.6.23 interactúa incorrectamente con la implementación no serializada y la recolección de bas... • http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1 • CWE-416: Use After Free •