Skip to main content

Linux Enterprise Module For Web Scripting

2 CVEs product

Monthly

CVE-2016-4473 CRITICAL POC THREAT Emergency

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.8%.

Memory Corruption PHP Use After Free RCE Linux Enterprise Module For Web Scripting +1
NVD
CVSS 3.0
9.8
EPSS
16.8%
Threat
4.0
CVE-2015-8866 CRITICAL POC PATCH Act Now

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE PHP Ubuntu Linux Leap Opensuse +2
NVD
CVSS 3.1
9.6
EPSS
3.5%
EPSS 17% 4.0 CVSS 9.8
CRITICAL POC THREAT Emergency

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.8%.

Memory Corruption PHP Use After Free +3
NVD
EPSS 4% CVSS 9.6
CRITICAL POC PATCH Act Now

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE PHP Ubuntu Linux +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy