1683 matches found
PHP ext/snmp/snmp.c Denial of Service Vulnerability
PHP is a widely used general-purpose scripting language that is particularly well suited for web development and can be embedded in HTML. Versions of PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 do not properly handle deserialization and garbage collection in ext/snmp/snmp.c. With...
CVE-2016-6295
CVE-2016-6295 affects PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9. The issue arises from PHP ext/snmp/snmp.c interacting improperly with unserialize and garbage collection, enabling remote attackers to trigger a denial of service (use-after-free and crash) or potentially other im...
PHP GC algorithm and anti-serialization mechanism after the release of the reuse vulnerability
Description: A critical use after free vulnerability was discovered when PHP's garbage collection algorithm interacts with other specific PHP objects. This vulnerability has wide reaching effects like allowing the exploitation of unserialize to gain remote code execution on a target system. While...
UBUNTU-CVE-2016-6295
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impac...
Internet Bug Bounty: Use After Free/Double Free in Garbage Collection
https://bugs.php.net/bug.php?id=72605 I don't know if the bug is qualified. I reported this bug since php some guys added this commit: https://github.com/php/php-src/commit/1c84b55adea936b065a20102202bea3d1d243225 Then they had reverted this commit before PHP updates release:...
The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.
A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox and SeaMonkey due to improper garbage collection of text track management variables. Exploiting this vulnerability allows malicious actors to execute arbitrary code or cause service failures e.g., errors whe...
The vulnerability of the SeaMonkey software allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.
A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox and SeaMonkey due to improper garbage collection of text track management variables. Exploiting this vulnerability allows malicious actors to execute arbitrary code or cause service failures e.g., errors whe...
The vulnerability of the Firefox browser, which allows a malicious individual to execute arbitrary code or trigger a service denial
The Mozilla Firefox browser contains a vulnerability related to memory usage during JavaScript execution when working with the TypeObject class. Exploiting this vulnerability allows malicious actors to execute arbitrary code, resulting in excessive memory consumption during garbage collection...
The vulnerability of the Firefox ESR browser allows a malicious individual to execute arbitrary code or trigger a service failure.
The Mozilla Firefox ESR browser contains a vulnerability related to memory usage during JavaScript execution when working with the TypeObject class. Exploiting this vulnerability allows malicious actors to execute arbitrary code, resulting in excessive memory consumption during garbage collection...
The vulnerability of the Thunderbird email client, which allows a malicious individual to execute arbitrary code or trigger a service failure.
Mozilla Thunderbird’s email client contains a vulnerability related to the use of memory after it is freed in the JavaScript engine when working with the TypeObject class. Exploiting this vulnerability allows malicious actors to execute arbitrary code, resulting in excessive memory consumption...
PHP memory misreference vulnerability (CNVD-2016-04370)
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A memory misreference vulnerability exists in PHP's GC algorithm and unserialize function, which can be exploited by remote attackers to execute...
CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
UBUNTU-CVE-2016-5773
phpzip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash...
Adobe Flash - Type Confusion in FileReference Constructor
Adobe Flash - Type Confusion in FileReference Constructor Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If ...
Adobe Flash - Type Confusion in FileReference Constructor
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If a watch...
Adobe Flash - Type Confusion in FileReference Constructor
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=799 There is a type confusion issue in the FileReference constructor. The constructor adds several properties to the constructed object before setting the type and data. If a watch is set on one of these properties, code can be...
CVE-2016-1662
extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...
CVE-2016-1662
extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...
UBUNTU-CVE-2016-1662
extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...
CVE-2016-1662
extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...