Page 38 of 254 results (0.022 seconds)

CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 1

CVE-2015-2305 – regex: heap overflow in regcomp() on 32-bit architectures

https://notcve.org/view.php?id=CVE-2015-2305

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow. Desbordamiento de enteros en la implementación regcomp en la librería Henry Spencer BSD regex (también conocido como rxspencer) alpha3.8.g5 en las plataformas de 32 bits, utilizado en NetBSD hasta 6.1.5 y otros productos, podría permitir a atacantes dependientes de contexto ejecutar código arbitrario a través de una expresión regular grande que conlleva a un desbordamiento de buffer basado en memoria dinámica. A heap buffer overflow flaw was found in the regcomp() function of Henry Spencer's regular expression library. An attacker able to make an application process a specially crafted regular expression pattern with the regcomp() function could cause that application to crash and possibly execute arbitrary code. • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://openwall.com&#x • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 94%CPEs: 49EXPL: 2

CVE-2015-0273 – PHP DateTime - Use-After-Free

https://notcve.org/view.php?id=CVE-2015-0273

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function. Múltiples vulnerabilidades de uso después de liberación en ext/date/php_date.c en PHP anterior a 5.4.38, 5.5.x anterior a 5.5.22, y 5.6.x anterior a 5.6.6 permiten a atacantes remotos ejecutar código arbitrario a través de entradas serializadas manipuladas que contienen un especificador de tipo (1) R o (2) r en (a) datos de DateTimeZone manejados por la función php_date_timezone_initialize_from_hash o (b) datos de DateTime manejados por la función php_date_initialize_from_hash. A use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory. PHP versions below 5.6.6, below 5.5.22, and below 5.4.38 suffer from a use-after-free vulnerability in DateTime. • https://www.exploit-db.com/exploits/36158 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=71335e6ebabc1b12c057d8017fd811892ecdfd24 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http& • CWE-416: Use After Free •

CVSS: 5.0EPSS: 8%CPEs: 48EXPL: 0

CVE-2014-9652 – file: out of bounds read in mconvert()

https://notcve.org/view.php?id=CVE-2014-9652

The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file. La función mconvert en softmagic.c en file anterior a 5.21, utilizado en el componente Fileinfo en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5, no maneja correctamente cierto campo de longitud de cadenas durante una copia de una versión trucada de una cadena Pascal, lo que podría permitir a atacantes remotos causar una denegación de servicio (acceso a memoria fuera de rango y caída de aplicación) a través de un fichero manipulado. An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file. • http://bugs.gw.com/view.php?id=398 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00004.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security/2015/02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 14%CPEs: 7EXPL: 1

CVE-2015-1351 – php: use after free in opcache extension

https://notcve.org/view.php?id=CVE-2015-1351

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación en la función _zend_shared_memdup en zend_shared_alloc.c en la extensión OPcache en PHP hasta 5.6.7 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of the server memory. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=777c39f4042327eac4b63c7ee87dc1c7a09a3115 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/to • CWE-416: Use After Free •

CVSS: 5.0EPSS: 18%CPEs: 4EXPL: 1

CVE-2015-1352 – php: NULL pointer dereference in pgsql extension

https://notcve.org/view.php?id=CVE-2015-1352

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. La función build_tablename en pgsql.c en la extensión PostgreSQL (también conocido como pgsql) en PHP hasta 5.6.7 no valida la extracción de tokens para nombres de tablas, lo que permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de aplicación) a través de un nombre manipulado. A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could cause a PHP application to crash. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=124fb22a13fafa3648e4e15b4f207c7096d8155e http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://openwall.com/lists/oss-security/2015/01/24/9 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:079 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.oracle.com/technetwork • CWE-476: NULL Pointer Dereference •