CVSS: 10.0EPSS: 8%CPEs: 30EXPL: 1CVE-2016-2554 – php: buffer overflow in handling of long link names in tar phar archives
https://notcve.org/view.php?id=CVE-2016-2554
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive. Desbordamiento de buffer basado en pila en ext/phar/tar.c en PHP en versiones anteriores a 5.5.32, 5.6.x en versiones anteriores a 5.6.18 y 7.x en versiones anteriores a 7.0.3 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o tener un posible impacto no especificado a través de un archivo TAR manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn/USN-2952-2 https://bugs.php.net/bug.php?id=71488 https://h20566. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 10%CPEs: 61EXPL: 0CVE-2015-8835 – php: type confusion issue in Soap Client call() method
https://notcve.org/view.php?id=CVE-2015-8835
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c. La función make_http_soap_request en ext/soap/php_http.c en PHP en versiones anteriores a 5.5.44, 5.5.x en versiones anteriores a 5.5.28 y 5.6.x en versiones anteriores a 5.6.12 no recupera claves correctamente, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL, confusión de tipo y caída de aplicación) o posiblemente ejecutar un código arbitrario a través de datos manipulados que representan una matriz numérica indexed_cookies, relacionada con el método SoapClient::__call en ext/soap/soap.c. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securityfocus.com/bid/84426 http://www.ubuntu.com/usn/USN-2952-1 http://www.ubuntu.com/usn& • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.1EPSS: 4%CPEs: 102EXPL: 0CVE-2016-3171
https://notcve.org/view.php?id=CVE-2016-3171
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation. Drupal 6.x en versiones anteriores a 6.38, cuando se utiliza con PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 o 5.6.x en versiones anteriores a 5.6.13, podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el truncado de datos de sesión. • http://www.debian.org/security/2016/dsa-3498 http://www.openwall.com/lists/oss-security/2016/02/24/19 http://www.openwall.com/lists/oss-security/2016/03/15/10 https://www.drupal.org/SA-CORE-2016-001 • CWE-19: Data Processing Errors •
CVSS: 8.2EPSS: 11%CPEs: 21EXPL: 0CVE-2016-3142 – php: Out-of-bounds read in phar_parse_zipfile()
https://notcve.org/view.php?id=CVE-2016-3142
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location. La función phar_parse_zipfile en zip.c en la extensión PHAR en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos obtener información sensible de la memoria de proceso o causar una denegación de servicio (lectura fuera de rango y cáida de aplicación) colocando una firma PK\x05\x06 en una localización no válida. • http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.securitytracker.com/id/1035255 http://www.ubuntu.com/usn/USN- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 21EXPL: 1CVE-2016-3141 – php: Use after free in WDDX Deserialize when processing XML data
https://notcve.org/view.php?id=CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element. Vulnerabilidad de uso después de liberación de memoria en wddx.c en la extensión WDDX en PHP en versiones anteriores a 5.5.33 y 5.6.x en versiones anteriores a 5.6.19 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado desencadenando una llamada wddx_deserialize sobre datos XML que contienen un elemento var manipulado. • https://github.com/peternguyen93/CVE-2016-3141 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=b1bd4119bcafab6f9a8f84d92cd65eec3afeface http://lists.apple.com/archives/security-announce/2016/May/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •