CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 1CVE-2015-8865 – file: Buffer over-write in finfo_open with malformed magic file
https://notcve.org/view.php?id=CVE-2015-8865
28 Apr 2016 — The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file. La función file_check_mem en funcs.c en file en versiones anteriores a 5.23, cómo se utiliza en el componente Fileinfo en PHP en versiones anteri... • http://bugs.gw.com/view.php?id=522 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 24%CPEs: 34EXPL: 1CVE-2016-4070 – php: Integer overflow in php_raw_url_encode
https://notcve.org/view.php?id=CVE-2016-4070
28 Apr 2016 — Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not). ** EN DISPUTA ** Desbordamiento de entero en la función php_raw_url_encode en ext/styard/url.c en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 6%CPEs: 79EXPL: 0CVE-2016-4072 – php: Invalid memory write in phar on filename containing \0 inside name
https://notcve.org/view.php?id=CVE-2016-4072
28 Apr 2016 — The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c. La extensión Phar en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5.6.20 y 7.x en versiones anteriores a 7.0.5 permite a atacantes remotos ejecutar código arbitrario a través del nombre de un archivo manipulado, como se demuestr... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 76EXPL: 1CVE-2016-4073 – php: mb_strcut() Negative size parameter in memcpy
https://notcve.org/view.php?id=CVE-2016-4073
28 Apr 2016 — Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. Múltiples desbordamientos de entero en la función mbfl_strcut en ext/mbstreng/libmbfl/mbfl/mbfilter.c en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5.6.20 y 7.x en versiones anteriores a 7.... • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 59%CPEs: 79EXPL: 2CVE-2016-4071 – PHP 5.5.33/7.0.4 - SNMP Format String
https://notcve.org/view.php?id=CVE-2016-4071
28 Apr 2016 — Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. Vulnerabilidad de formato de cadena en la función php_snmp_erro en ext/snmp/snmp.c en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5.6.20 y 7.x en versiones anteriores a 7.0.5 permite a atacantes remotos ejecutar código arbitrario a través de e... • https://www.exploit-db.com/exploits/39645 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 2CVE-2014-9767 – php: ZipArchive:: extractTo allows for directory traversal when creating directories
https://notcve.org/view.php?id=CVE-2014-9767
21 Apr 2016 — Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. Vulnerabilidad de salto de directorio en la función ZipArchive::extractTo en ext/zip/php_zip.c en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13 y... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 29%CPEs: 13EXPL: 5CVE-2016-3074 – libgd 2.1.1 - Signedness Heap Overflow
https://notcve.org/view.php?id=CVE-2016-3074
21 Apr 2016 — Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Error de entero sin signo en GD Graphics Library 2.1.1 (también conocida como libgd o libgd2) permite a atacantes remotos provocar una denegación de servicio (caída) o potencialmente ejecutar código arbitrario a través de datos gd2 comprimidos manipulados, lo... • https://packetstorm.news/files/id/140537 • CWE-122: Heap-based Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.1EPSS: 0%CPEs: 65EXPL: 0CVE-2016-3185 – Ubuntu Security Notice USN-2952-1
https://notcve.org/view.php?id=CVE-2016-3185
21 Apr 2016 — The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c. La función make_http_soap_request en ext/soap/php_http.c en PHP en versiones anteriores a 5.5.44, 5.5.x en versiones anterior... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 8%CPEs: 30EXPL: 1CVE-2016-2554 – php: buffer overflow in handling of long link names in tar phar archives
https://notcve.org/view.php?id=CVE-2016-2554
21 Apr 2016 — Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. Desbordamiento de buffer basado en pila en ext/phar/tar.c en PHP en versiones anteriores a 5.5.32, 5.6.x en versiones anteriores a 5.6.18 y 7.x en versiones anteriores a 7.0.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación... • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 8.1EPSS: 2%CPEs: 102EXPL: 0CVE-2016-3171
https://notcve.org/view.php?id=CVE-2016-3171
12 Apr 2016 — Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. Drupal 6.x en versiones anteriores a 6.38, cuando se utiliza con PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 o 5.6.x en versiones anteriores a 5.6.13, podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el truncado de datos ... • http://www.debian.org/security/2016/dsa-3498 • CWE-19: Data Processing Errors •