Page 39 of 254 results (0.012 seconds)

CVSS: 10.0EPSS: 97%CPEs: 33EXPL: 20

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Desbordamiento de buffer basado en memoria dinámica en la función __nss_hostname_digits_dots en glibc 2.2, y otras versiones 2.x anteriores a 2.18, permite a atacantes dependientes de contexto ejecutar código arbitrario a través de vectores relacionados con la funciín (1) gethostbyname o (2) gethostbyname2, también conocido como 'GHOST.' A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. • https://www.exploit-db.com/exploits/35951 https://www.exploit-db.com/exploits/36421 https://github.com/aaronfay/CVE-2015-0235-test https://github.com/makelinux/CVE-2015-0235-workaround https://github.com/sUbc0ol/CVE-2015-0235 https://github.com/mikesplain/CVE-2015-0235-cookbook https://github.com/tobyzxj/CVE-2015-0235 https://github.com/adherzog/ansible-CVE-2015-0235-GHOST http://blogs.sophos.com/2015/01/29/sophos-products-and-the-ghost-vulnerability-affecting-linux http:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.8EPSS: 88%CPEs: 84EXPL: 1

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. La función exif_process_unicode en ext/exif/exif.c en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (liberación de puntero no inicializado y caída de la aplicación) a través de datos EXIF manipulados en una imagen JPEG. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. • http://advisories.mageia.org/MGASA-2015-0040.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=21bc7464f454fec18a9ec024c738f195602fee2a http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=2fc178cf448d8e1b95d1314e47eeef610729e0df http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=55001de6d8c6ed2aada870a76de1e4b4558737bf http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015& • CWE-822: Untrusted Pointer Dereference •

CVSS: 7.5EPSS: 72%CPEs: 84EXPL: 1

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142. Vulnerabilidad del uso después de liberación en la función process_nested_data en ext/standard/var_unserializer.re en PHP anterior a 5.4.37, 5.5.x anterior a 5.5.21, y 5.6.x anterior a 5.6.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada de no serializar manipulada que aprovecha el manejo incorrecto de claves numéricas duplicadas dentro de las propiedades serializadas de un objeto. NOTA: este vulnerabilidad existe debido a una solución incompleta para CVE-2014-8142. A use-after-free flaw was found in the way PHP's unserialize() function processed data. • http://advisories.mageia.org/MGASA-2015-0040.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn& • CWE-416: Use After Free •

CVSS: 7.5EPSS: 11%CPEs: 205EXPL: 1

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping. sapi/cgi/cgi_main.c en el componente CGI en PHP hasta 5.4.36, 5.5.x hasta 5.5.20, y 5.6.x hasta 5.6.4, cuando mmap está utilizado para leer un fichero .php, no considera correctamente la longitud de las asignaciones durante el procesamiento de un fichero inválido que empieza por un caracter # y le falta un caracter nueva línea, lo que causa una lectura fuera de rango y podría (1) permitir a atacantes remotos obtener información sensible de la memoria de procesos php-cgi mediante el aprovechamiento de la habilidad de subir un fichero .php o (2) provocar la ejecución de código no esperado si una secuencia de comandos PHP válida está presente en las localizaciones de memoria ajuntas a las asignaciones. A flaw was found in the way PHP handled malformed source files when running in CGI mode. A specially crafted PHP file could cause PHP CGI to crash. • http://advisories.mageia.org/MGASA-2015-0040.html http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=f9ad3086693fce680fbe246e4a45aa92edd2ac35 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://openwall.com/lists/oss-security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable ** DISPUTADA ** La función apprentice_load en libmagic/apprentice.c en el componente Fileinfo en PHP hasta 5.6.4 intenta realizar una operación libre sobre un array de caracteres basado en pila, lo que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria o caída de la aplicación) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. NOTA: esto lo disputa el proveedor porque el comportamiento erealloc estándar hace que la operación libre sea inalcanzable. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=a72cd07f2983dc43a6bb35209dc4687852e53c09 http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=ef89ab2f99fbd9b7b714556d4f1f50644eb54191 http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html https://bugs.php.net/bug.php?id=68665 • CWE-17: DEPRECATED: Code •