Page 18 of 252 results (0.013 seconds)

CVSS: 9.8EPSS: 2%CPEs: 40EXPL: 1

CVE-2016-6296 – php: Heap buffer overflow vulnerability in simplestring_addn in simplestring.c

https://notcve.org/view.php?id=CVE-2016-6296

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a long first argument to the PHP xmlrpc_encode_request function. Error de firma de entero en la función simplestring_addn en simplestring.c en xmlrpc-epi hasta la versión 0.54.2, tal como se utiliza en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica) o posiblemente tener otro impacto no especificado a través de un primer argumento largo para la función xmlrpc_encode_request de PHP. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=e6c48213c22ed50b2b987b479fcc1ac709394caa http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.securityfocus.com/bid/92095 http://www.securitytracker.com/id/1036430 http://www.ubuntu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0

CVE-2016-6288 – php: Buffer over-read in php_url_parse_ex

https://notcve.org/view.php?id=CVE-2016-6288

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type. La función php_url_parse_ex en ext/standard/url.c en PHP en versiones anteriores a 5.5.38 permite a atacantes remotos provocar una denegación de servicio (sobrelectura de buffer) o posiblemente tener otro impacto no especificado a través de vectores que involucran el tipo de datos smart_str. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=629e4da7cc8b174acdeab84969cbfc606a019b31 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securityfocus.com/bid/92111 http://www.securitytracker.com/id/1036430 https://bugs.php.net/70480 https://support.apple.com/HT207170 https://access.redhat.com/security/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 3%CPEs: 40EXPL: 0

CVE-2016-6290 – php: Use after free in unserialize() with Unexpected Session Deserialization

https://notcve.org/view.php?id=CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization. ext/session/session.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 no mantiene correctamente una determinada estructura de datos hash, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación) o posiblemente tener otro impacto no especificado a través de vectores relacionados con deserialización de sesión. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=3798eb6fd5dddb211b01d41495072fd9858d4e32 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.securityfocus.com/bid/92097 http://www.securitytracker.com/id/1036430 https://bugs.php& • CWE-416: Use After Free •

CVSS: 9.8EPSS: 2%CPEs: 40EXPL: 1

CVE-2016-6295 – php: Use after free in SNMP with GC and unserialize()

https://notcve.org/view.php?id=CVE-2016-6295

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773. ext/snmp/snmp.c en PHP en versiones anteriores a 5.5.38, 5.6.x en versiones anteriores a 5.6.24 y 7.x en versiones anteriores a 7.0.9 no interactúa correctamente con la implementación no serializada y la recolección de basura, lo que permite a atacantes remotos provocar una denegación de servicio (uso después de liberación y caída de aplicación) o posiblemente tener otro impacto no especificado a través de datos serializados, un problema relacionado con CVE-2016-5773. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=cab1c3b3708eead315e033359d07049b23b147a3 http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html http://openwall.com/lists/oss-security/2016/07/24/2 http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3631 http://www.securityfocus.com/bid/92094 http://www.securitytracker.com/id/1036430 https://bugs.php& • CWE-416: Use After Free •

CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0

CVE-2016-6207 – php,gd: Integer overflow error within _gdContributionsAlloc()

https://notcve.org/view.php?id=CVE-2016-6207

Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. Desbordamiento de entero en la función _gdContributionsAlloc en gd_interpolation.c en GD Graphics Library (también conocida como libgd) en versiones anteriores a 2.2.3 permite a atacantes remotos causar una denegación de servicio (escritura de memoria fuera de límites o consumo de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://packetstormsecurity.com/files/138174/LibGD-2.2.2-Integer-Overflow-Denial-Of-Service.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3630 http://www.securityfocus.com/archive/1/539100/100/0/threaded http://www.securityfocus.com/bid/92080 http://www.securitytracker.com/id/1036535 http://www.ubuntu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •