CVSS: 9.1EPSS: 73%CPEs: 5EXPL: 0CVE-2014-3515 – php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
https://notcve.org/view.php?id=CVE-2014-3515
09 Jul 2014 — The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage. El componente SPL en PHP anterior a 5.4.30 y 5.5.x anterior a 5.5.14 anticipa incorrectamente que ciertas estructuras de datos tendrán el tip... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88223c5245e9b470e1e6362bfd96829562ffe6ab • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 1CVE-2014-4721 – php: type confusion issue in phpinfo() leading to information leak
https://notcve.org/view.php?id=CVE-2014-4721
06 Jul 2014 — The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_... • http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 6.2EPSS: 1%CPEs: 23EXPL: 4CVE-2014-3538 – file: unrestricted regular expression matching
https://notcve.org/view.php?id=CVE-2014-3538
03 Jul 2014 — file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345. file anterior a 5.19 no restringe debidamente la cantidad de datos leídos durante una búsqueda regex, lo que permite a atacantes remotos causar una denegación de servicio (consumo de C... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 94%CPEs: 14EXPL: 0CVE-2014-4049 – php: heap-based buffer overflow in DNS TXT record parsing
https://notcve.org/view.php?id=CVE-2014-4049
17 Jun 2014 — Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. Desbordamiento de buffer basado en memoria dinámica en la función php_parserr en ext/standard/dns.c en PHP 5.6.0beta4 y anteriores permite a servidores remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitra... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-3981 – HP Security Bulletin HPSBUX03150 SSRT101681
https://notcve.org/view.php?id=CVE-2014-3981
08 Jun 2014 — acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. acinclude.m4, utilizado en la secuencia de comandos de configuración en PHP 5.5.13 y anteriores, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre el archivo /tmp/phpglibccheck. Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomca... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=91bcadd85e20e50d3f8c2e9721327681640e6f16 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 4%CPEs: 5EXPL: 0CVE-2014-0238 – file: CDF property info parsing nelements infinite loop
https://notcve.org/view.php?id=CVE-2014-0238
01 Jun 2014 — The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long. La función cdf_read_property_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (bucle infinito o acceso a memoria fuera de rango) a tra... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 4%CPEs: 5EXPL: 0CVE-2014-0237 – file: cdf_unpack_summary_info() excessive looping DoS
https://notcve.org/view.php?id=CVE-2014-0237
01 Jun 2014 — The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. La función cdf_unpack_summary_info en cdf.c en el componente Fileinfo en PHP anterior a 5.4.29 y 5.5.x anterior a 5.5.13 permite a atacantes remotos causar una denegación de servicio (degradación de rendimiento) mediante la provocación de muchas llamadas file_printf. A denial o... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html • CWE-399: Resource Management Errors CWE-407: Inefficient Algorithmic Complexity •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2014-0185 – Ubuntu Security Notice USN-2254-2
https://notcve.org/view.php?id=CVE-2014-0185
06 May 2014 — sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. sapi/fpm/fpm/fpm_unix.c en FastCGI Process Manager (FPM) en PHP anterior a 5.4.28 y 5.5.x anterior a 5.5.12 utiliza permisos 0666 para el socket UNIX, lo que permite a usuarios locales ganar privilegios a través de un cliente FastCGI manipulado. USN-2254-1 fixed vulnerabilities in PHP. Th... • http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html • CWE-269: Improper Privilege Management •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 2CVE-2013-7345 – file: extensive backtracking in awk rule regular expression
https://notcve.org/view.php?id=CVE-2013-7345
23 Mar 2014 — The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters. La expresión regular BEGIN en el detector de script de awk en el archivo magic/Magdir/commands anterior a 5.15 utiliza múltiples comodines con ... • http://bugs.gw.com/view.php?id=164 • CWE-407: Inefficient Algorithmic Complexity •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 1CVE-2014-2497 – gd: NULL pointer dereference in gdImageCreateFromXpm()
https://notcve.org/view.php?id=CVE-2014-2497
21 Mar 2014 — The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. La función gdImageCreateFromXpm en gdxpm.c en libgd, utilizado en PHP 5.4.26 y anteriores, permite a atacantes remotos causar una denegación de servicio (referencia a puntero cero y caída de aplicación) a través de una tabla de color manipulada en un archivo XPM. A NULL pointer... • http://advisories.mageia.org/MGASA-2014-0288.html • CWE-476: NULL Pointer Dereference •