CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 1CVE-2015-4643 – php: integer overflow in ftp_genlist() resulting in heap overflow (improved fix for CVE-2015-4022)
https://notcve.org/view.php?id=CVE-2015-4643
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. Desbordamiento de entero en la función ftp_genlist en ext/ftp/ftp.c en PHP en versiones anteriores a 5.4.42, 5.5.x en versiones anteriores a 5.5.26 y 5.6.x en versiones anteriores a 5.6.10 permite a servidores FTP remotos ejecutar código arbitrario a través de una respuesta larga para un comando LIST, encabezando un desbordamiento de buffer basado en memoria dinámica. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-4022. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 http://openwall.com/lists/oss-security/2015/06/18/6 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015-1186.html http://rhn.redhat.com/errata/RHSA-2015-1187.html http://rhn.redhat.com/errata/RHSA-2015-1218.html http://www.debian.org/security/2015/dsa-3344 http://www.oracle.com/technetwork/topics/security/lin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 5.0EPSS: 71%CPEs: 65EXPL: 1CVE-2015-4024 – php: multipart/form-data request parsing CPU usage DoS
https://notcve.org/view.php?id=CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Vulnerabilidad de complejidad algorítmica en la función multipart_buffer_headers en main/rfc1867.c en PHP anterior a 5.4.41, 5.5.x anterior a 5.5.25, y 5.6.x anterior a 5.6.9 permiten a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de datos de formularios manipulados que provocan un resultado de orden de crecimiento incorrecto. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158616.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158915.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/159031.html http://lists.opensuse.org/opensuse-updates/2015-06/msg00002.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1135.html http://rhn.redhat.com/errata/RHSA-2015&# • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 6.8EPSS: 5%CPEs: 61EXPL: 1CVE-2015-3330 – php: pipelined request executed in deinitialized interpreter under httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." La función php_handler en sapi/apache2handler/sapi_apache2.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8, cuando Apache HTTP Server 2.4.x está utilizado, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de solicitudes HTTP segmentadas que resultan en un 'interprete desconfigurado.' A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=809610f5ea38a83b284e1125d1fff129bdd615e7 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://openwall.com/lists/oss-security/2015/04/17/7 http://php.net/ChangeLog-5.php http://rhn.redhat.com&# • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVSS: 7.5EPSS: 71%CPEs: 67EXPL: 1CVE-2015-3329 – php: buffer overflow in phar_set_inode()
https://notcve.org/view.php?id=CVE-2015-3329
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Múltiples desbordamientos de buffer basado en pila en la función phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar código arbitrario a través de un valor de longitud manipulado en un archivo (1) tar, (2) phar, o (3) ZIP. A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 1CVE-2013-7421 – kernel: crypto api unprivileged arbitrary module load via request_module()
https://notcve.org/view.php?id=CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con un nombre de módulo en el campo salg_name, una vulnerabilidad diferente a CVE-2014-9644. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •