Page 27 of 315 results (0.003 seconds)

CVSS: 9.8EPSS: 6%CPEs: 21EXPL: 1

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. Vulnerabilidad de uso después de liberación de memoria en wddx.c en la extensión WDDX en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado desencadenando una llamada wddx_deserialize sobre datos XML que contienen un elemento var manipulado. • https://github.com/peternguyen93/CVE-2016-3141 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •

CVSS: 8.2EPSS: 11%CPEs: 21EXPL: 0

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. La función phar_parse_zipfile en zip.c en la extensión PHAR en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos obtener información sensible de la memoria de proceso o causar una denegación de servicio (lectura fuera de rango y cáida de aplicación) colocando una firma PK\x05\x06 en una localización no válida. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035255 http://www.ubuntu.com/usn/USN- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 8%CPEs: 28EXPL: 1

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function. La función gdImageRotateInterpolated en ext/gd/libgd/gd_interpolation.c en PHP en versiones anteriores a 5.5.31, 5.6.x en versiones anteriores a 5.6.17 y 7.x en versiones anteriores a 7.0.2 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída de aplicación) a través de un argumento bgd_color de gran tamaño para la función imagerotate. A buffer over-read flaw was found in the GD library used by the PHP gd extension. A specially crafted image file could cause a PHP application using the imagerotate() function to disclose portions of the server memory or crash the PHP application. • http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.openwall.com/lists/oss-security/2016/01/14/8 http://www.php.net/ChangeLog-5.php http://www.php.net/ChangeLog-7.php http://www.securityfocus.com/bid/79916 http://www.securitytracker.com/id/1034608 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 4%CPEs: 16EXPL: 0

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. Error por un paso en la función phar_parse_zipfile en ext/phar/zip.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a un puntero no inicializado y caída de aplicación) incluyendo el nombre de archivo / en un archivo PHAR .zip. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1ddf72180a52d247db88ea42a3e35f824a8fbda1 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net/ChangeLog-5.php http://www.securityfocus.com/bid/76959 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=sla • CWE-189: Numeric Errors CWE-822: Untrusted Pointer Dereference •

CVSS: 6.8EPSS: 6%CPEs: 15EXPL: 0

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. La función phar_get_entry_data en ext/phar/util.c en PHP en versiones anteriores a 5.5.30 y 5.6.x en versiones anteriores a 5.6.14 permite a atacantes remotos causar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un archivo .phar con una entrada de archivo TAR manipulada en la cual el indicador Link referencia a un archivo que no existe. A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d698f0ae51f67c9cce870b09c59df3d6ba959244 http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00099.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00037.html http://www.debian.org/security/2015/dsa-3380 http://www.openwall.com/lists/oss-security/2015/10/05/8 http://www.php.net& • CWE-476: NULL Pointer Dereference •