Lucene search
GoogleOSV:DLA-444-1HistoryFeb 29, 2016 - 12:00 a.m.
php5 - security update
2016-02-2900:00:00
Google
osv.dev
9
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.6%
- CVE-2015-2305
Integer overflow in the regcomp implementation in the Henry
Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
32-bit platforms, as used in NetBSD through 6.1.5 and other
products, might allow context-dependent attackers to execute
arbitrary code via a large regular expression that leads to
a heap-based buffer overflow. - CVE-2015-2348
The move_uploaded_file implementation in
ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
encountering a \x00 character, which allows remote attackers to
bypass intended extension restrictions and create files with
unexpected names via a crafted second argument.
Note: this vulnerability exists because of an incomplete fix for
CVE-2006-7243.
- CVE-2016-tmp, Bug #71039
exec functions ignore length but look for NULL termination - CVE-2016-tmp, Bug #71089
No check to duplicate zend_extension - CVE-2016-tmp, Bug #71201
round() segfault on 64-bit builds - CVE-2016-tmp, Bug #71459
Integer overflow in iptcembed() - CVE-2016-tmp, Bug #71354
Heap corruption in tar/zip/phar parser - CVE-2016-tmp, Bug #71391
NULL Pointer Dereference in phar_tar_setupmetadata() - CVE-2016-tmp, Bug #70979
Crash on bad SOAP request
References
Related
nessus
nessus
Debian DLA-444-1 : php5 security update
2016-03-01 00:00:00
FreeBSD : php -- NULL byte poisoning (3761df02-0f9c-11e0-becc-0022156e8794)
2011-01-13 00:00:00
Amazon Linux AMI : php (ALAS-2015-524)
2015-05-18 00:00:00
debian
debian
[SECURITY] [DLA 444-1] php5 security update
2016-02-29 18:41:39
[SECURITY] [DSA 3195-1] php5 security update
2015-03-18 11:56:46
ubuntucve
ubuntucve
prion
prion
Information disclosure
2015-03-30 10:59:00
Integer overflow
2015-03-30 10:59:00
Design/Logic Flaw
2015-06-09 18:59:00
cve
cve
veracode
veracode
Authorization Bypass
2019-01-15 08:51:41
Heap-based Buffer Overflow
2019-05-02 05:39:23
Remote Code Execution (RCE) Via Memory Corruption
2019-05-02 05:39:23
openvas
openvas
FreeBSD Ports: php5
2011-01-24 00:00:00
FreeBSD Ports: php5
2011-01-24 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-524)
2015-09-08 00:00:00
seebug
seebug
PHP多版本(5.2,5.4.38~5.6.6)任意文件上传漏洞
2015-10-10 00:00:00
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
freebsd
freebsd
php -- NULL byte poisoning
2010-12-10 00:00:00
Several vulnerabilities found in PHP
2015-03-19 00:00:00
clamav -- multiple vulnerabilities
2015-04-29 00:00:00
debiancve
debiancve
CVE-2015-2305
2015-03-30 10:59:00
f5
f5
SOL16831 - BSD regex library vulnerability CVE-2015-2305
2015-07-01 00:00:00
K16831 : BSD regex library vulnerability CVE-2015-2305
2015-07-01 00:00:00
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
amazon
amazon
Medium: php
2015-05-14 14:31:00
Important: php56
2015-04-15 21:50:00
Important: php55
2015-04-15 21:49:00
ubuntu
ubuntu
PHP vulnerabilities
2015-04-20 00:00:00
ClamAV vulnerabilities
2015-05-05 00:00:00
oraclelinux
oraclelinux
php security update
2014-03-18 00:00:00
php security, bug fix, and enhancement update
2013-11-25 00:00:00
php53 security, bug fix and enhancement update
2013-10-02 00:00:00
redhat
redhat
(RHSA-2014:0311) Critical: php security update
2014-03-18 00:00:00
(RHSA-2013:1615) Moderate: php security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1307) Moderate: php53 security, bug fix and enhancement update
2013-09-30 16:52:28
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
centos
centos
php security update
2014-03-19 01:15:26
php security update
2013-11-26 13:32:36
php53 security update
2013-10-07 12:42:03
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
mageia
mageia
Updated php and libzip packages fix security vulnerabilities
2015-04-04 14:13:35
Updated clamav packages fix security vulnerabilities
2015-05-05 16:36:50
suse
suse
Security update for php5 (important)
2015-05-13 15:07:04
kaspersky
kaspersky
KLA10515 Multiple vulnerabilities in PHP and extensions
2015-03-30 00:00:00
KLA10514 Multiple vulnerabilities in PHP and plugins
2015-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: clamav-0.98.7-1.fc21
2015-05-02 18:12:06
[SECURITY] Fedora 22 Update: clamav-0.98.7-1.fc22
2015-05-03 17:21:27
[SECURITY] Fedora 20 Update: clamav-0.98.7-1.fc20
2015-05-12 20:46:17
securityvulns
securityvulns
ClamAV multiple security vulnerabilities
2015-05-04 00:00:00
[ MDVSA-2015:221 ] clamav
2015-05-04 00:00:00
PHP multiple security vulnerabilities
2015-03-21 00:00:00
osv
osv
php5 - security update
2015-03-18 00:00:00
archlinux
archlinux
clamav: multiple issues
2015-05-03 00:00:00
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
[slackware-security] php
2015-04-22 01:22:40
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.6%
Related for OSV:DLA-444-1