CVSS: 9.8EPSS: 49%CPEs: 79EXPL: 2CVE-2016-4071 – PHP 5.5.33/7.0.4 - SNMP Format String
https://notcve.org/view.php?id=CVE-2016-4071
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call. Vulnerabilidad de formato de cadena en la función php_snmp_erro en ext/snmp/snmp.c en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5.6.20 y 7.x en versiones anteriores a 7.0.5 permite a atacantes remotos ejecutar código arbitrario a través de especificadores de formato de cadena en una llamada SNMP::get. • https://www.exploit-db.com/exploits/39645 http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3560 http://www.openwall.com/lists/oss-security/2016/04/2 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 4%CPEs: 76EXPL: 1CVE-2016-4073 – php: mb_strcut() Negative size parameter in memcpy
https://notcve.org/view.php?id=CVE-2016-4073
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call. Múltiples desbordamientos de entero en la función mbfl_strcut en ext/mbstreng/libmbfl/mbfl/mbfilter.c en PHP en versiones anteriores a 5.5.34, 5.6.x en versiones anteriores a 5.6.20 y 7.x en versiones anteriores a 7.0.5 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de una llamada mb_strcut manipulada. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00056.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3560 http://www.openwall.com/lists/oss-security/2016/04/24/1 http://www.php.net/ChangeLog-5.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 6%CPEs: 21EXPL: 1CVE-2016-3141 – php: Use after free in WDDX Deserialize when processing XML data
https://notcve.org/view.php?id=CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. Vulnerabilidad de uso después de liberación de memoria en wddx.c en la extensión WDDX en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado desencadenando una llamada wddx_deserialize sobre datos XML que contienen un elemento var manipulado. • https://github.com/peternguyen93/CVE-2016-3141 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 8.2EPSS: 11%CPEs: 21EXPL: 0CVE-2016-3142 – php: Out-of-bounds read in phar_parse_zipfile()
https://notcve.org/view.php?id=CVE-2016-3142
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. La función phar_parse_zipfile en zip.c en la extensión PHAR en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos obtener información sensible de la memoria de proceso o causar una denegación de servicio (lectura fuera de rango y cáida de aplicación) colocando una firma PK\x05\x06 en una localización no válida. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035255 http://www.ubuntu.com/usn/USN- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 22%CPEs: 1EXPL: 1CVE-2016-1769 – Apple QuickTime < 7.7.79.80.95 - '.PSD' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1769
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de un archivo Photoshop manipulado. • https://www.exploit-db.com/exploits/39635 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •