CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-9114
https://notcve.org/view.php?id=CVE-2014-9114
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. Blkid en util-linux en versiones anteriores a 2.26rc-1 permite a usuarios locales ejecutar código arbitrario. • http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html http://www.openwall.com/lists/oss-security/2014/11/26/21 http://www.securityfocus.com/bid/71327 https://bugzilla.redhat.com/show_bug.cgi?id=1168485 https://exchange.xforce.ibmcloud.com/vulnerabilities/98993 https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 10%CPEs: 66EXPL: 1CVE-2015-2787 – php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
https://notcve.org/view.php?id=CVE-2015-2787
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. Vulnerabilidad de uso después de liberación en la función process_nested_data en ext/standard/var_unserializer.re en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 permite a atacantes remotos ejecutar código arbitrario a través de una llamada no serializada manipulada que aprovecha el uso de la función unset dentro de una función __wakeup, un problema relacionado con CVE-2015-0231. A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http:// • CWE-416: Use After Free •
CVSS: 5.0EPSS: 3%CPEs: 12EXPL: 1CVE-2014-9709 – gd: buffer read overflow in gd_gif_in.c
https://notcve.org/view.php?id=CVE-2014-9709
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function. La función GetCode_ en gd_gif_in.c en GD 2.1.1 y anteriores, utilizado en PHP anterior a 5.5.21 y 5.6.x anterior a 5.6.5, permite a atacantes remotos causar una denegación de servicio (sobre lectura de buffer y caída de aplicación) a través de una imagen GIF manipulada que es manejada incorrectamente por la función gdImageCreateFromGif. A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash. • http://advisories.mageia.org/MGASA-2015-0040.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html http://rhn.redhat.com/errata/RHSA-2015-1066.html http://rhn.redhat.com/errata/RHS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 60EXPL: 1CVE-2015-2348 – php: move_uploaded_file() NUL byte injection in file name
https://notcve.org/view.php?id=CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. La implementación move_uploaded_file en ext/standard/basic_functions.c en PHP anterior a 5.4.39, 5.5.x anterior a 5.5.23, y 5.6.x anterior a 5.6.7 trunca un nombre de ruta al encontrar un caracter \x00, lo que permite a atacantes remotos evadir las restricciones de extensiones y crear ficheros con nombres no esperados a través de un segundo argumento manipulado. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2006-7243. It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=1291d6bbee93b6109eb07e8f7916ff1b7fcc13e1 http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00015.html http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://php.net/ChangeLog-5.php http://rhn.redhat.com/errata/RHSA-2015-1053.html • CWE-264: Permissions, Privileges, and Access Controls CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2014-3619
https://notcve.org/view.php?id=CVE-2014-3619
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. La función __socket_proto_state_machine en GlusterFS 3.5 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una cabecera de fragmento '00000000'. • http://advisories.mageia.org/MGASA-2015-0145.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00056.html http://review.gluster.org/#/c/8662/4 http://www.mandriva.com/security/advisories?name=MDVSA-2015:211 https://bugzilla.redhat.com/show_bug.cgi?id=1138145 • CWE-399: Resource Management Errors •