The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834.
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution.
Mozilla Thunderbird 68.1 : Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward.
The host is installed with Oracle Java SE through 11.0.4 or 13 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to 2D. Successful exploitation allows attackers to affect availability.
The host is installed with Oracle MySQL Server through 5.5.51, 5.6.32 or 5.7.14 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Error Handling. Successful exploitation allows attackers to affect Confidentiality, Integrity and Availability.
The host is installed with OpenSSH 5.7 through 8.4 and is prone to an information disclosure vulnerability. A flaw is present in application, which fails to handle algorithm negotiation. Successful exploitation could allows man-in-the-middle attackers to target initial connection attempts.
The host is installed with OpenSSH before 7.4 and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle an issue in sshd. Successful exploitation could allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message.