1683 matches found
CVE-2014-9529
Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...
PHP < 5.5.37, 5.6.23 Use-After-Free Remote Code Execution.
Binary data 802011.prm...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3044-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3044-1 advisory. Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially...
Design/Logic Flaw
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
Design/Logic Flaw
splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...
CVE-2016-5771
splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...
CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
CVE-2016-5773
CVE-2016-5773 affects php_zip.c in the PHP zip extension; PHP versions before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 interact with unserialize and garbage collection, enabling remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data containing...
EUVD-2016-6706
splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...
CVE-2016-5771
CVE-2016-5771 affects the PHP SPL extension (spl_array.c) in PHP before 5.5.37 and 5.6.x before 5.6.23. The issue arises from how unserialize interacts with garbage collection, enabling remote attackers to trigger a use-after-free and cause a denial of service or potentially execute arbitrary cod...
CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
Design/Logic Flaw
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
CVE-2016-5255
CVE-2016-5255 is a use-after-free in Mozilla Firefox’s js::PreliminaryObjectArray::sweep during incremental garbage collection that could allow remote code execution via crafted JavaScript. Affected product: Firefox (pre-48.0); the openSUSE advisory indicates fix in version 48.0. The connected do...
CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
UBUNTU-CVE-2016-5255
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection...
Crash in incremental garbage collection in JavaScript — Mozilla
Security researcher Jukka Jylänki reported a use-after-free in JavaScript caused by how objects and pointers are handled during incremental garbage collection in some circumstances working with object groups. When triggered, this causes a potential exploitable crash but is mitigated by the...
PHP < 5.5.38, 5.6.x < 5.6.24, 7.0.x < 7.0.9 Multiple Vulnerabilities (Jul 2016) - Windows
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...