Skip to main content
CVE-2017-5340 CRITICAL POC PATCH Act Now

Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow RCE PHP Denial Of Service Clustered Data Ontap
NVD GitHub
CVSS 3.1
9.8
EPSS
7.1%
CVE-2016-7480 CRITICAL POC PATCH Act Now

The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Denial Of Service PHP Buffer Overflow RCE +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2017-5209 CRITICAL PATCH Act Now

The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Apple Buffer Overflow Libplist
NVD GitHub
CVSS 3.0
9.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy