Lucene search
+L

47 matches found

Tenable Nessus
Tenable Nessus
added 2016/10/05 12:0 a.m.48 views

openSUSE Security Update : php5 (openSUSE-2016-1150)

This update for php5 fixes the following security issues : - CVE-2016-7411: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field - CVE-2016-7413: Use after free in wddxdeserialize - CVE-2016-7414: Out of boun...

9.8CVSS8.3AI score0.11402EPSS
Exploits7References14
OpenVAS
OpenVAS
added 2016/10/05 12:0 a.m.52 views

Ubuntu: Security Advisory (USN-3095-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.16482EPSS
Exploits17References2
Check Point Advisories
Check Point Advisories
added 2016/09/27 12:0 a.m.17 views

PHP WDDX Deserialization Use After Free (CVE-2016-7413)

A Use-After-Free vulnerability exists in PHP during deserialization of WDDX elements. A remote attacker can exploit this vulnerability by supplying a crafted wddxPacket XML document. A successful attack can result in a denial of service...

7.5CVSS3.5AI score0.06654EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2016/09/26 12:0 a.m.48 views

Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-267-01. The text itself is copyright...

9.8CVSS8AI score0.11402EPSS
Exploits7References8
CVE
CVE
added 2016/09/17 9:0 p.m.311 views

CVE-2016-7413

CVE-2016-7413 is a Use-After-Free vulnerability in PHP’s WDDX deserialization path. The issue resides in wddx_stack_destroy in ext/wddx/wddx.c and can be triggered by a wddxPacket XML document that lacks an end-tag for a recordset field, leading to denial of service or potentially other impact. A...

9.8CVSS8.4AI score0.06654EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2015/12/21 11:0 a.m.18 views

CVE-2015-7413

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

5.5AI score0.01171EPSS
Exploits0References3
CVE
CVE
added 2014/10/19 10:0 a.m.43 views

CVE-2014-7413

CVE-2014-7413 affects the Android app “The Rajendra Suriji” (package com.rajendrasuriji.nakodabhairav.com), version 1.1, where X.509 certificates from SSL servers are not verified. This allows MITM attackers to spoof servers and capture sensitive data with a crafted certificate. Documentation con...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder