CVSS: 9.8EPSS: 69%CPEs: 84EXPL: 2CVE-2015-0231 – php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
https://notcve.org/view.php?id=CVE-2015-0231
27 Jan 2015 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. Vulnerabilidad del uso después de liberación en la función process_nested_da... • https://github.com/3xp10it/php_cve-2014-8142_cve-2015-0231 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 87%CPEs: 84EXPL: 1CVE-2015-0232 – php: Free called on unitialized pointer in exif.c
https://notcve.org/view.php?id=CVE-2015-0232
27 Jan 2015 — The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. La función exif_process_unicode en ext/exif/exif.c en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (liber... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-822: Untrusted Pointer Dereference •
CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 39CVE-2015-0235 – Exim ESMTP 4.80 - glibc gethostbyname Denial of Service
https://notcve.org/view.php?id=CVE-2015-0235
27 Jan 2015 — Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores ... • https://packetstorm.news/files/id/181060 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 13%CPEs: 205EXPL: 1CVE-2014-9427 – php: out of bounds read when parsing a crafted .php file
https://notcve.org/view.php?id=CVE-2014-9427
03 Jan 2015 — sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code exec... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9426
https://notcve.org/view.php?id=CVE-2014-9426
31 Dec 2014 — The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable ** DISPUTADA ** La función apprentice_load en libmagic/apprentic... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=a72cd07f2983dc43a6bb35209dc4687852e53c09 • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2014-9425 – php: Double-free in zend_ts_hash_graceful_destroy()
https://notcve.org/view.php?id=CVE-2014-9425
31 Dec 2014 — Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de doble liberación en la función zend_ts_hash_graceful_destroy en zend_ts_hash.c en Zend Engine en PHP hasta 5.5.20 y 5.6.x hasta 5.6.4 permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener o... • http://advisories.mageia.org/MGASA-2015-0040.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 79%CPEs: 46EXPL: 2CVE-2014-8142 – php: use after free vulnerability in unserialize()
https://notcve.org/view.php?id=CVE-2014-8142
20 Dec 2014 — Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. Vulnerabilidad de uso después de liberación en la función process_nested_data en core/dom/ProcessingInstruction.cpp en e... • https://github.com/3xp10it/php_cve-2014-8142_cve-2015-0231 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 7EXPL: 1CVE-2014-8626 – php: xmlrpc ISO8601 date format parsing buffer overflow
https://notcve.org/view.php?id=CVE-2014-8626
07 Nov 2014 — Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding. Desbordamiento de buffer basado en memoria dinámica en la función date_from_ISO8601 en ext/xmlrpc/libxmlrpc/xmlrpc.c en PHP anterior a 5.2.7 permite a atacantes remotos causar una denegación de servicio (caída ... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=c818d0d01341907fee82bdb81cab07b7d93bb9db • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 9%CPEs: 9EXPL: 0CVE-2014-3710 – file: out-of-bounds read in elf note headers
https://notcve.org/view.php?id=CVE-2014-3710
30 Oct 2014 — The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. La función donote en readelf.c en file hasta 5.20, utilizado en el componente Fileinfo en PHP 5.4.34, no asegura que suficientes cabeceras de notas están presentes, lo que permite a atacantes remotos causar una denegación de... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1803228597e82218a8c105e67975bc50e6f5bf0d • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 11%CPEs: 70EXPL: 1CVE-2014-3668 – php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
https://notcve.org/view.php?id=CVE-2014-3668
29 Oct 2014 — Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation. Desbordamiento de buffer en la función date_from_ISO8601 en la implementación mk... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=88412772d295ebf7dd34409534507dc9bcac726e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •