EUVD-2016-6706

splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...

CVE-2016-5773

CVE-2016-5773 affects php_zip.c in the PHP zip extension; PHP versions before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 interact with unserialize and garbage collection, enabling remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data containing...

pDNS2 - Passive DNS V2

pDNS2 is yet another implementation of a passive DNS tool working with Redis as the database. pDNS2 means ‘passive DNS version2’ and favors speed in query over other database features. pDNS2 is based on Florian Weimer’s original dnslogger with improved features for speed and specialization for...

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

Design/Logic Flaw

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

CVE-2016-5255

CVE-2016-5255 is a use-after-free in Mozilla Firefox’s js::PreliminaryObjectArray::sweep during incremental garbage collection that could allow remote code execution via crafted JavaScript. Affected product: Firefox (pre-48.0); the openSUSE advisory indicates fix in version 48.0. The connected do...

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

OS X Forensic Evidence Collection: OSXCollector

OS X Forensic Evidence Collection: OSXCollector Forensic Collection The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis...

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

UBUNTU-CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

CVE-2016-5255

Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...

Crash in incremental garbage collection in JavaScript — Mozilla

Security researcher Jukka Jylänki reported a use-after-free in JavaScript caused by how objects and pointers are handled during incremental garbage collection in some circumstances working with object groups. When triggered, this causes a potential exploitable crash but is mitigated by the...

PHP < 5.5.38, 5.6.x < 5.6.24, 7.0.x < 7.0.9 Multiple Vulnerabilities (Jul 2016) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP ext/snmp/snmp.c Denial of Service Vulnerability

PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. Versions of PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 do not properly handle deserialization and garbage collection in ext/snmp/snmp.c. With...

CVE-2016-6295

CVE-2016-6295 affects PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9. The issue arises from PHP ext/snmp/snmp.c interacting improperly with unserialize and garbage collection, enabling remote attackers to trigger a denial of service (use-after-free and crash) or potentially other im...

UBUNTU-CVE-2016-6295

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impac...

PHP GC algorithm and anti-serialization mechanism after the release of the reuse vulnerability

Description: A critical use after free vulnerability was discovered when PHP's garbage collection algorithm interacts with other specific PHP objects. This vulnerability has wide reaching effects like allowing the exploitation of unserialize to gain remote code execution on a target system. While...

France warns Microsoft to Stop Collecting Windows 10 Users' Personal Data

We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft of collecting too much data about users without their consent. Now, the French data protection authority has ordered Microsoft to stop it. France's National Data Protection Commission CNIL issued a form...

Internet Bug Bounty: Use After Free/Double Free in Garbage Collection

https://bugs.php.net/bug.php?id=72605 I don't know if the bug is qualified. I reported this bug since php some guys added this commit: https://github.com/php/php-src/commit/1c84b55adea936b065a20102202bea3d1d243225 Then they had reverted this commit before PHP updates release:...