CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 2CVE-2015-2301 – php: use after free in phar_object.c
https://notcve.org/view.php?id=CVE-2015-2301
19 Mar 2015 — Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file. Vulnerabilidad de uso después de liberación en la función phar_rename_archive en phar_object.c en PHP anterior a 5.5.22 y 5.6.x anterior a 5.6.6 permite a atacantes remotos causar una denegació... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b2cf3f064b8f5efef89bb084521b61318c71781b • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 1CVE-2015-2305 – regex: heap overflow in regcomp() on 32-bit architectures
https://notcve.org/view.php?id=CVE-2015-2305
19 Mar 2015 — Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Desbordamiento de enteros en la implementación regcomp en la librería Henry Spencer BSD regex (también conocido como rxspencer) alpha3.8.g5 en las plataformas de 32 bits, utilizado en ... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 94%CPEs: 49EXPL: 3CVE-2015-0273 – PHP DateTime - Use-After-Free
https://notcve.org/view.php?id=CVE-2015-0273
20 Feb 2015 — Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. Múltiples vulnerabilidades de uso después de liberación en ext/date/php_date.c en PHP anterior a 5... • https://packetstorm.news/files/id/130471 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 1CVE-2015-1351 – php: use after free in opcache extension
https://notcve.org/view.php?id=CVE-2015-1351
17 Feb 2015 — Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a trav... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 8%CPEs: 48EXPL: 0CVE-2014-9652 – file: out of bounds read in mconvert()
https://notcve.org/view.php?id=CVE-2014-9652
17 Feb 2015 — The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP an... • http://bugs.gw.com/view.php?id=398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 19%CPEs: 4EXPL: 1CVE-2015-1352 – php: NULL pointer dereference in pgsql extension
https://notcve.org/view.php?id=CVE-2015-1352
17 Feb 2015 — The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. La función build_tablename en pgsql.c en la extensión PostgreSQL (también conocido como pgsql) en PHP hasta 5.6.7 no valida la extracción de tokens para nombres de tablas, lo que permite a atacantes remotos causar una denegación de... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=124fb22a13fafa3648e4e15b4f207c7096d8155e • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 69%CPEs: 84EXPL: 2CVE-2015-0231 – php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
https://notcve.org/view.php?id=CVE-2015-0231
27 Jan 2015 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. Vulnerabilidad del uso después de liberación en la función process_nested_da... • https://github.com/3xp10it/php_cve-2014-8142_cve-2015-0231 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 87%CPEs: 84EXPL: 1CVE-2015-0232 – php: Free called on unitialized pointer in exif.c
https://notcve.org/view.php?id=CVE-2015-0232
27 Jan 2015 — The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. La función exif_process_unicode en ext/exif/exif.c en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (liber... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-822: Untrusted Pointer Dereference •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 39CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 13%CPEs: 205EXPL: 1CVE-2014-9427 – php: out of bounds read when parsing a crafted .php file
https://notcve.org/view.php?id=CVE-2014-9427
03 Jan 2015 — sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code exec... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •