Page 26 of 130 results (0.011 seconds)

CVSS: 9.8EPSS: 3%CPEs: 30EXPL: 1

CVE-2016-4538 – php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition

https://notcve.org/view.php?id=CVE-2016-4538

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call. La función bcpowmod en ext/bcmath/bcmath.c en PHP en versiones anteriores a 5.5.35, 5.6.x en versiones anteriores a 5.6.21 y 7.x en versiones anteriores a 7.0.6 modifica ciertas estructuras de datos sin considerar si son copias de la variable global _zero_, _one_, o _two_, lo que permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una llamada manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183736.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3602 http://www.openwall.com/lists/oss-security/2016/05/05/21 http://www.securityfocus.com/bid/90173 https:/ • CWE-20: Improper Input Validation CWE-122: Heap-based Buffer Overflow •

CVSS: 9.8EPSS: 34%CPEs: 1EXPL: 3

CVE-2016-3078 – PHP 7.0.5 - ZipArchive::getFrom* Integer Overflow

https://notcve.org/view.php?id=CVE-2016-3078

Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class. Multiples desbordamientos de entero en PHP en versiones anteriores a 7.0.8 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de aplicación) o posiblemente tener otro impacto no especificado a través de una llamada manipulada a (1) getFromIndex o (2) getFromName en la clase ZipArchive. • https://www.exploit-db.com/exploits/39742 http://www.openwall.com/lists/oss-security/2016/04/28/1 http://www.securitytracker.com/id/1035701 https://bugs.php.net/bug.php?id=71923 https://github.com/php/php-src/commit/3b8d4de300854b3517c7acb239b84f7726c1353c?w=1 https://php.net/ChangeLog-7.php https://security-tracker.debian.org/tracker/CVE-2016-3078 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 46%CPEs: 13EXPL: 3

CVE-2016-3074 – libgd 2.1.1 - Signedness Heap Overflow

https://notcve.org/view.php?id=CVE-2016-3074

Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. Error de entero sin signo en GD Graphics Library 2.1.1 (también conocida como libgd o libgd2) permite a atacantes remotos provocar una denegación de servicio (caída) o potencialmente ejecutar código arbitrario a través de datos gd2 comprimidos manipulados, lo que desencadena un desbordamiento de buffer basado en memoria dinámica. A signedness vulnerability exists in libgd version 2.1.1 which may result in a heap overflow when processing compressed gd2 data. • https://www.exploit-db.com/exploits/39736 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183263.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183724.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00031.html http://packetstormsecurity.com/files/136757/libgd-2.1.1-Signedness.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://seclists.org/fulldisclosure/2016/Apr/72 http://www.debian.org/security/2016/dsa-3556 http& • CWE-122: Heap-based Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 1

CVE-2016-1283 – pcre: heap buffer overflow in handling of duplicate named groups (8.39/14)

https://notcve.org/view.php?id=CVE-2016-1283

The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(? • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178193.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178955.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/79825 http://www.securitytracker.com/id/1034555 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.343110 https://access.redhat.com/errata/RHSA-2016:1132 https://bto.bluecoat.com/security-ad • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

CVE-2006-3017

https://notcve.org/view.php?id=CVE-2006-3017

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •