NVD List
Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
---|---|---|---|---|---|---|---|---|---|
19775 | CVE-2016-4072 | The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of characters by the phar_analyze_path function in ext/phar/phar.c. | 2 | 7.5 | High | 2017-01-19 | 2016-11-30 | View | |
19774 | CVE-2016-4071 | Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. | 2 | 7.5 | High | 2017-01-19 | 2016-11-30 | View | |
19773 | CVE-2016-4070 | ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." | 2 | 5 | Medium | 2017-01-19 | 2016-11-30 | View | |
19772 | CVE-2016-4069 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors. | 2 | 6.8 | Medium | 2017-01-19 | 2016-11-28 | View | |
85301 | CVE-2016-4068 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864. | 2 | 4.3 | Medium | 2017-04-27 | 2017-04-19 | View |
Page 1788 of 17672, showing 5 records out of 88360 total, starting on record 8936, ending on 8940