Page 59 of 589 results (0.016 seconds)

CVSS: 7.5EPSS: 2%CPEs: 110EXPL: 5

CVE-2011-1092 – PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service

https://notcve.org/view.php?id=CVE-2011-1092

Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function. Desbordamiento de entero en ext/shmop/shmop.c en PHP antes de v5.3.6, permite a usuarios locales o remotos provocar una denegación de servicio (caida) y posiblemente leer información sensible de la memoria a través de largos argumentos en la funcion shmop_read • https://www.exploit-db.com/exploits/16966 http://bugs.php.net/bug.php?id=54193 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://securityreason.com/securityalert/8130 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/shmop/shmop.c?r1=306939&r2=309018&pathrev=309018 http://www.exploit-db.com/exploits/16966 http://www.mandriva.com/secur • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 8%CPEs: 110EXPL: 4

CVE-2011-0708 – PHP 'Exif' Extension - 'exif_read_data()' Remote Denial of Service

https://notcve.org/view.php?id=CVE-2011-0708

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. exif.c en la extensión Exif en PHP anterior a v5.3.6 en plataformas de 64 bits realiza una asociación incorrecta, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una imagen con una Image File Directory (IFD) que provoca una sobre lectura del búfer. PHP versions 5.3.5 and below are susceptible to a denial of service condition in the Exif extension exif_read_data() function. • https://www.exploit-db.com/exploits/16261 http://bugs.php.net/bug.php?id=54002 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057709.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057710.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056642.html http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://openwall.com/lists/oss-security/2011&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 5

CVE-2011-0420 – PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference

https://notcve.org/view.php?id=CVE-2011-0420

The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference. La función grapheme_extract en la extensión de Internacionalización (Intl) para ICU para PHP v5.3.5 permite provocar una denegación de servicio (con caída de la aplicación) a atacantes dependientes del contexto a través de un argumento de tamaño no válido, lo que provoca una desreferencia de puntero NULL. PHP version 5.2.5 suffers from a grapheme_extract() null pointer dereference vulnerability. • https://www.exploit-db.com/exploits/16182 https://www.exploit-db.com/exploits/35354 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://securityreason.com/achievement_securityalert/94 http://securityreason.com/securityalert/8087 http://support.apple.com/kb/HT5002 http://svn.php.net/viewvc/php/php-src/trunk/ext/intl/grapheme/grapheme_string.c?r1=306449&r2=306448&pathrev=306449 http://www.debian.org/security/2011/dsa-2266 http://www.exploit-db.com& •

CVSS: 4.3EPSS: 0%CPEs: 69EXPL: 0

CVE-2011-0753

https://notcve.org/view.php?id=CVE-2011-0753

Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. Condición de carrera en la extensión PCNTL en PHP anteriores a 5.3.4, cuando existe un gestor de señal definido por el usuario, podría permitir a atacantes dependiendo del contexto provocar una denegación de servicio (corrupción de memoria) a través de un número de señales muy grande. • http://bugs.php.net/52784 http://www.php.net/ChangeLog-5.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65431 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12271 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.0EPSS: 0%CPEs: 99EXPL: 0

CVE-2011-0752

https://notcve.org/view.php?id=CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. La función Extract en PHP anteriores a v5.2.15 no previenen la utilización del parámetro EXTR_OVERWRITE para sobreescribir (1) la tabla superglobal GLOBALS y (2) la variable this, lo que permite a atacantes dependientes de contexto eludir las restricciones de acceso previsto por la modificación de estructuras de datos que no estaban destinadas a depender de entradas externas, relacionado con CVE-2005-2691 y CVE-2006 3758. • http://marc.info/?l=bugtraq&m=133469208622507&w=2 http://www.openwall.com/lists/oss-security/2010/12/13/4 http://www.php.net/ChangeLog-5.php http://www.php.net/archive/2010.php#id2010-12-10-1 http://www.php.net/releases/5_2_15.php https://exchange.xforce.ibmcloud.com/vulnerabilities/65432 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016 • CWE-20: Improper Input Validation •