Page 314 of 2650 results (0.068 seconds)

CVSS: 5.8EPSS: 5%CPEs: 58EXPL: 1

ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions. ext/phar/phar.c en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permite a atacantes remotos obtener información sensible de la memoria de procesos o causar una denegación de servicio (sobre lectura de buffer y caída de aplicación) a través de un valor de longitud manipulado en conjunto con datos seializados manipulados en un archivo phar, relacionado con las funciones phar_parse_metadata y phar_parse_pharfile. A buffer over-read flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHSA-2015-1135.html http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 71%CPEs: 67EXPL: 1

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Múltiples desbordamientos de buffer basado en pila en la función phar_set_inode en phar_internal.h en PHP anterior a 5.4.40, 5.5.x anterior a 5.5.24, y 5.6.x anterior a 5.6.8 permiten a atacantes remotos ejecutar código arbitrario a través de un valor de longitud manipulado en un archivo (1) tar, (2) phar, o (3) ZIP. A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f59b67ae50064560d7bfcdb0d6a8ab284179053c http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. LaunchServices en Apple OS X anterior a 10.10.3 permite a usuarios locales causar una denegación de servicio (caída de Finder) a través de datos de localización manipulados. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 4%CPEs: 1EXPL: 1

Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. Vulnerabilidad de uso después de liberación en CoreAnimation en Apple OS X anterior a 10.10.3 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del uso indebido de un mutex. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. fontd en Apple Type Services (ATS) en Apple OS X anterior a 10.10.3permite a usuarios locales ganar privilegios a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, y CVE-2015-1135. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://www.securityfocus.com/bid/73982 http://www.securitytracker.com/id/1032048 https://support.apple.com/HT204659 • CWE-20: Improper Input Validation •