CVSS: 9.8EPSS: 10%CPEs: 5EXPL: 0CVE-2016-10160 – php: Off-by-one error in phar_parse_pharfile when loading crafted phar archive
https://notcve.org/view.php?id=CVE-2016-10160
24 Jan 2017 — Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch. Error por un paso en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (corrupción de memor... • http://php.net/ChangeLog-5.php • CWE-193: Off-by-one Error •
CVSS: 7.5EPSS: 25%CPEs: 17EXPL: 0CVE-2016-10161 – php: Out-of-bounds heap read on unserialize in finish_nested_data()
https://notcve.org/view.php?id=CVE-2016-10161
24 Jan 2017 — The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call. La función object_common1 en ext/standard/var_unserializer.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos pro... • http://php.net/ChangeLog-5.php • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 2%CPEs: 16EXPL: 0CVE-2016-10162 – php: Null pointer dereference when unserializing PHP object
https://notcve.org/view.php?id=CVE-2016-10162
24 Jan 2017 — The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call. La función php_wddx_pop_element en ext/wddx/wddx.c en PHP 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de ser... • http://php.net/ChangeLog-7.php • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 1CVE-2016-7479 – php: Use-after-free vulnerability when resizing the 'properties' hash table of a serialized object
https://notcve.org/view.php?id=CVE-2016-7479
12 Jan 2017 — In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. En todas las versiones de PHP 7, durante el proceso no serializado, redimensionando las "propiedades" de la tabla hash de un objeto serializado puede conducir a un uso después de liberación de memoria. Un atacante remoto puede explotar este error para obtener ejecución de código arbitrari... • http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 9%CPEs: 3EXPL: 1CVE-2017-5340 – php: Use of uninitialized memory in unserialize()
https://notcve.org/view.php?id=CVE-2017-5340
11 Jan 2017 — Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access, and use of arbitrary destructor function pointers) via crafted serialized data. Zend/zend_hash.c en PHP en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 no maneja adecuadamente ciertos casos que requieren asignaciones de array gran... • http://www.securityfocus.com/bid/95371 • CWE-190: Integer Overflow or Wraparound CWE-456: Missing Initialization of a Variable •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 1CVE-2016-9936 – php: Use After Free in unserialize()
https://notcve.org/view.php?id=CVE-2016-9936
04 Jan 2017 — The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834. La implementación no serializada en ext/standard/var.c en PHP 7.x en versiones anteriores a 7.0.14 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación) o posiblemente tener o... • http://lists.opensuse.org/opensuse-updates/2017-01/msg00034.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0CVE-2016-9935 – php: Invalid read when wddx decodes empty boolean element
https://notcve.org/view.php?id=CVE-2016-9935
13 Dec 2016 — The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. La función php_wddx_push_element en ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.29 y 7.x en versiones anteriores a 7.0.14 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html • CWE-125: Out-of-bounds Read •
CVSS: 9.6EPSS: 1%CPEs: 13EXPL: 1CVE-2015-8866 – php: libxml_disable_entity_loader setting is shared between threads
https://notcve.org/view.php?id=CVE-2015-8866
22 May 2016 — ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. ext/libxml/libxml.c en PHP en versiones anteriores a 5.5.22 y 5.6.x en versiones anteriores a 5.6.6, cuando se utiliza PHP-FPM, no aisla cada hilo de cambios libxml_dis... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 1CVE-2016-1283 – pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
https://notcve.org/view.php?id=CVE-2016-1283
03 Jan 2016 — The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(? • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •