CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0CVE-2016-9933 – gd: Stack overflow in gdImageFillToBorder on truecolor images
https://notcve.org/view.php?id=CVE-2016-9933
13 Dec 2016 — Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. Vulnerabilidad de consumo de pila en la función gdImageFillToBorder en gd.c en la GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.2, como s... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00133.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 14EXPL: 0CVE-2016-9934 – php: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
https://notcve.org/view.php?id=CVE-2016-9934
13 Dec 2016 — ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.28 y 7.x en versiones anteriores a 7.0.13 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través datos serializados manipulados en un documento wddxPacket XML, como se demuestra po... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 0CVE-2016-9935 – php: Invalid read when wddx decodes empty boolean element
https://notcve.org/view.php?id=CVE-2016-9935
13 Dec 2016 — The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. La función php_wddx_push_element en ext/wddx/wddx.c en PHP en versiones anteriores a 5.6.29 y 7.x en versiones anteriores a 7.0.14 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00142.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 0CVE-2016-8670 – Apple Security Advisory 2017-01-23-2
https://notcve.org/view.php?id=CVE-2016-8670
01 Nov 2016 — Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call. Error de firma de enteros en la función dynamicGetbuf en gd_io_dp.c en la librería de gráficos GD (también conocido como libgd) hasta la versión 2.2.3 como se utiliza en ... • http://www.debian.org/security/2016/dsa-3693 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-7568 – Gentoo Linux Security Advisory 201612-09
https://notcve.org/view.php?id=CVE-2016-7568
28 Sep 2016 — Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls. Desbordamiento de entero en la función gdImageWebpCtx en gd_webp.c en la GD Graphics Library (también conocido como libgd) hasta la versión 2.2.3, tal como se utiliza en PHP hasta la versión 7.0.1... • http://www.debian.org/security/2016/dsa-3693 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.6EPSS: 1%CPEs: 13EXPL: 1CVE-2015-8866 – php: libxml_disable_entity_loader setting is shared between threads
https://notcve.org/view.php?id=CVE-2015-8866
22 May 2016 — ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161. ext/libxml/libxml.c en PHP en versiones anteriores a 5.5.22 y 5.6.x en versiones anteriores a 5.6.6, cuando se utiliza PHP-FPM, no aisla cada hilo de cambios libxml_dis... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=de31324c221c1791b26350ba106cc26bad23ace9 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 1CVE-2016-1283 – pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
https://notcve.org/view.php?id=CVE-2016-1283
03 Jan 2016 — The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(? • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •