CVSS: 9.8EPSS: 5%CPEs: 5EXPL: 0CVE-2015-8383 – pcre: Buffer overflow caused by repeated conditional group (8.38/3)
https://notcve.org/view.php?id=CVE-2015-8383
02 Dec 2015 — PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente ciertos grupos condicionales repetidos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2015-8386 – pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
https://notcve.org/view.php?id=CVE-2015-8386
02 Dec 2015 — PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente la interacción de aserciones lookbehind y de subpatrones mutuamente recursivos, lo que permite a atacantes remotos causar ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2015-8387 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8387
02 Dec 2015 — PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las llamadas de subrutina (?123) y las llamadas de subrutina relacionadas, lo que permite a atacantes remotos causar una denegación de servicio ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2015-8389 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8389
02 Dec 2015 — PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente el patrón /(?:|a|){100}x/ y patrones relacionados, lo que permite a atacantes remotos causar una denegación de servicio (recursión infinita) o pos... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-185: Incorrect Regular Expression •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2015-8390 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8390
02 Dec 2015 — PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las subcadenas [: and \\ en clases carácter, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inici... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
02 Dec 2015 — The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-8393 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8393
02 Dec 2015 — pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client. pcregrep en PCRE en versiones anteriores a 8.38 no maneja correctamente la opción -q para archivos binarios, lo que podría permitir a atacantes remotos obtener información sensible a través de un archivo manipulado, según lo demostrado por una secuencia de comandos CGI que envía datos... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2015-8394 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8394
02 Dec 2015 — PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las condiciones (?() y (? • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 2CVE-2007-1287 – PHP 4.4.3 < 4.4.6 - 'PHPinfo()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1287
06 Mar 2007 — A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. Un error de regresión en la función phpinfo de PHP 4.4.3 a 4.4.6, y PHP 6.0 en CVS, permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante valores en los vectores GET, POST, o CO... • https://www.exploit-db.com/exploits/3405 •
CVSS: 9.3EPSS: 2%CPEs: 85EXPL: 0CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •