CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2016-1904
https://notcve.org/view.php?id=CVE-2016-1904
19 Jan 2016 — Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow. Múltiples desbordamientos de entero en ext/standard/exec.c en PHP 7.x en versiones anteriores a 7.0.2 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado ... • http://www.openwall.com/lists/oss-security/2016/01/14/8 • CWE-189: Numeric Errors •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2015-8616
https://notcve.org/view.php?id=CVE-2015-8616
19 Jan 2016 — Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. Vulnerabilidad de uso después de liberación de memoria en la función Collator::sortWithSortKeys en ext/intl/collator/collator_sort.c en PHP 7.x en versiones anteriores a 7.0.1 permite a at... • http://php.net/ChangeLog-7.php •
CVSS: 10.0EPSS: 34%CPEs: 1EXPL: 2CVE-2015-8617 – PHP 7.0.0 - Format String
https://notcve.org/view.php?id=CVE-2015-8617
19 Jan 2016 — Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. Vulnerabilidad de formato de cadena en la función zend_throw_or_error en Zend/zend_execute_API.c en PHP 7.x en versiones anteriores a 7.0.1 permite a atacantes remotos ejecutar código arbitrario a través de especificadores de formato de... • https://www.exploit-db.com/exploits/39082 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 3%CPEs: 7EXPL: 1CVE-2016-1283 – pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)
https://notcve.org/view.php?id=CVE-2016-1283
03 Jan 2016 — The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(? • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2015-8383 – pcre: Buffer overflow caused by repeated conditional group (8.38/3)
https://notcve.org/view.php?id=CVE-2015-8383
02 Dec 2015 — PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente ciertos grupos condicionales repetidos, lo que permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer) o posiblemente tener otro ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 6%CPEs: 6EXPL: 0CVE-2015-8386 – pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
https://notcve.org/view.php?id=CVE-2015-8386
02 Dec 2015 — PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente la interacción de aserciones lookbehind y de subpatrones mutuamente recursivos, lo que permite a atacantes remotos causar ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2015-8387 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8387
02 Dec 2015 — PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las llamadas de subrutina (?123) y las llamadas de subrutina relacionadas, lo que permite a atacantes remotos causar una denegación de servicio ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 0CVE-2015-8389 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8389
02 Dec 2015 — PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente el patrón /(?:|a|){100}x/ y patrones relacionados, lo que permite a atacantes remotos causar una denegación de servicio (recursión infinita) o pos... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-185: Incorrect Regular Expression •
CVSS: 9.8EPSS: 3%CPEs: 5EXPL: 0CVE-2015-8390 – Ubuntu Security Notice USN-2943-1
https://notcve.org/view.php?id=CVE-2015-8390
02 Dec 2015 — PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. PCRE en versiones anteriores a 8.38 no maneja correctamente las subcadenas [: and \\ en clases carácter, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inici... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-908: Use of Uninitialized Resource •
CVSS: 9.8EPSS: 9%CPEs: 24EXPL: 0CVE-2015-8391 – pcre: inefficient posix character class syntax check (8.38/16)
https://notcve.org/view.php?id=CVE-2015-8391
02 Dec 2015 — The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. La función pcre_compile en pcre_compile.c en PCRE en versiones anteriores a 8.38 no maneja correctamente cierta anidación [: , lo que permite a atacantes remotos causar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174931.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-407: Inefficient Algorithmic Complexity •