CRITICAL 9.8 CVE-2016-7417: ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and…
from 0, < 5.6.27-r0
CRITICAL 9.8 CVE-2016-7414: The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is l…
from 0, < 5.6.27-r0
CRITICAL 9.8 CVE-2016-7413: Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote…
from 0, < 5.6.27-r0
CRITICAL 9.8: ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a…
from 0, < 5.6.27-r0
HIGH 8.1: ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag,…
from 0, < 5.6.27-r0
HIGH 7.5: The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial…
from 0, < 5.6.27-r0
HIGH 7.5: ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to t…