CVSS: 9.8EPSS: 8%CPEs: 48EXPL: 0CVE-2014-9652 – file: out of bounds read in mconvert()
https://notcve.org/view.php?id=CVE-2014-9652
17 Feb 2015 — The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP an... • http://bugs.gw.com/view.php?id=398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 19%CPEs: 4EXPL: 1CVE-2015-1352 – php: NULL pointer dereference in pgsql extension
https://notcve.org/view.php?id=CVE-2015-1352
17 Feb 2015 — The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. La función build_tablename en pgsql.c en la extensión PostgreSQL (también conocido como pgsql) en PHP hasta 5.6.7 no valida la extracción de tokens para nombres de tablas, lo que permite a atacantes remotos causar una denegación de... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=124fb22a13fafa3648e4e15b4f207c7096d8155e • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 69%CPEs: 84EXPL: 2CVE-2015-0231 – php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
https://notcve.org/view.php?id=CVE-2015-0231
27 Jan 2015 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. Vulnerabilidad del uso después de liberación en la función process_nested_da... • https://github.com/3xp10it/php_cve-2014-8142_cve-2015-0231 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 87%CPEs: 84EXPL: 1CVE-2015-0232 – php: Free called on unitialized pointer in exif.c
https://notcve.org/view.php?id=CVE-2015-0232
27 Jan 2015 — The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. La función exif_process_unicode en ext/exif/exif.c en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (liber... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-822: Untrusted Pointer Dereference •
CVSS: 9.8EPSS: 13%CPEs: 205EXPL: 1CVE-2014-9427 – php: out of bounds read when parsing a crafted .php file
https://notcve.org/view.php?id=CVE-2014-9427
03 Jan 2015 — sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code exec... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9426
https://notcve.org/view.php?id=CVE-2014-9426
31 Dec 2014 — The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable ** DISPUTADA ** La función apprentice_load en libmagic/apprentic... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=a72cd07f2983dc43a6bb35209dc4687852e53c09 • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2014-9425 – php: Double-free in zend_ts_hash_graceful_destroy()
https://notcve.org/view.php?id=CVE-2014-9425
31 Dec 2014 — Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de doble liberación en la función zend_ts_hash_graceful_destroy en zend_ts_hash.c en Zend Engine en PHP hasta 5.5.20 y 5.6.x hasta 5.6.4 permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener o... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 79%CPEs: 46EXPL: 2CVE-2014-8142 – php: use after free vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2014-8142
20 Dec 2014 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. Vulnerabilidad de uso después de liberación en la función process_nested_data en core/dom/ProcessingInstruction.cpp en e... • https://github.com/3xp10it/php_cve-2014-8142_cve-2015-0231 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 7EXPL: 1CVE-2014-8626 – php: xmlrpc ISO8601 date format parsing buffer overflow
https://notcve.org/view.php?id=CVE-2014-8626
07 Nov 2014 — Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. Desbordamiento de buffer basado en memoria dinámica en la función date_from_ISO8601 en ext/xmlrpc/libxmlrpc/xmlrpc.c en PHP anterior a 5.2.7 permite a atacantes remotos causar una denegación de servicio (caída ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 11%CPEs: 70EXPL: 1CVE-2014-3668 – php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
https://notcve.org/view.php?id=CVE-2014-3668
29 Oct 2014 — Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Desbordamiento de buffer en la función date_from_ISO8601 en la implementación mk... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •