Lucene search
+L

67 matches found

securityvulns
securityvulns
added 2015/02/22 12:0 a.m.110 views

[USN-2501-1] PHP vulnerabilities

========================================================================== Ubuntu Security Notice USN-2501-1 February 17, 2015 php5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

7.5CVSS1.7AI score0.53166EPSS
Exploits14
nessus
nessus
added 2015/02/20 12:0 a.m.75 views

openSUSE Security Update : php5 (openSUSE-2015-163)

php5 was updated to fix five security issues. These security issues were fixed : - CVE-2015-0231: Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allowed remote attackers to execute...

10CVSS8.1AI score0.53166EPSS
Exploits12References11
openvas
openvas
added 2015/02/18 12:0 a.m.53 views

Ubuntu: Security Advisory (USN-2501-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.53166EPSS
Exploits14References2
myhack58
myhack58
added 2015/02/11 12:0 a.m.14 views

In PHP memory corruption vulnerability use of CVE-2 0 1 4-8 1 4 2 and CVE-2 0 1 5-0 2 3 1-the vulnerability warning-the black bar safety net

Many people think that, for Web-based applications, memory corruption class of bugs is not what a serious problem. Especially nowXSSandSQL injectionthe class of vulnerabilities is still the matter of the case, not how much attention to devote to such a bug, they will be treated as“non-use”or is...

1.8AI score
Exploits0
checkpoint_advisories
checkpoint_advisories
added 2015/02/09 12:0 a.m.22 views

PHP Core unserialize process nested data Use After Free (CVE-2014-8142)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. A remote attacker can exploit the vulnerability by sending crafted serialized data to a web...

7.5CVSS3.3AI score0.53166EPSS
Exploits8
prion
prion
added 2015/01/27 8:3 p.m.32 views

Design/Logic Flaw

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate...

7.5CVSS7.8AI score0.53166EPSS
Exploits10References23Affected Software1
cve
cve
added 2015/01/27 11:0 a.m.397 views

CVE-2015-0231

CVE-2015-0231 is a use-after-free in PHP’s unserialize handling of serialized objects with identical numeric keys within process_nested_data (ext/standard/var_unserializer.re). Affects PHP releases up to 5.4.37, 5.5.x up to 5.5.21, and 5.6.x up to 5.6.5; remote attackers could trigger arbitrary c...

7.5CVSS8.2AI score0.42593EPSS
Exploits5References23Affected Software1
archlinux
archlinux
added 2015/01/23 12:0 a.m.123 views

php: remote code execution

CVE-2014-9427 information leak, remote code execution A one-byte file containing only the '' character, not followed by any newline, causes php-cgi to do an out of bound read, potentially disclosing sensitive information present in memory or even triggering code execution if adjacent memory...

7.5CVSS3.6AI score0.53166EPSS
Exploits12References6
f5
f5
added 2015/01/22 12:0 a.m.189 views

SOL16021 - PHP vulnerability CVE-2014-8142

Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

10CVSS3.7AI score0.53166EPSS
Exploits8References5
nessus
nessus
added 2015/01/09 12:0 a.m.58 views

Amazon Linux AMI : php55 (ALAS-2015-464)

Use-after-free vulnerability in the processnesteddata function in ext/standard/varunserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys...

7.5CVSS7AI score0.53166EPSS
Exploits8References2
openvas
openvas
added 2015/01/07 12:0 a.m.59 views

PHP 5.4.x < 5.4.36, 5.5.x < 5.5.20, 5.6.x < 5.6.4 Use After Free Vulnerability (Jan 2015)

PHP is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; ifdescription...

7.5CVSS7.6AI score0.53166EPSS
Exploits8References4
openvas
openvas
added 2015/01/05 12:0 a.m.52 views

Fedora Update for php FEDORA-2014-17241

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.53166EPSS
Exploits8References2
debian
debian
added 2014/12/31 2:47 p.m.54 views

[SECURITY] [DSA 3117-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3117-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 31, 2014 http://www.debian.org/security/faq -...

7.5CVSS8.9AI score0.53166EPSS
Exploits8
debian
debian
added 2014/12/31 2:47 p.m.82 views

[SECURITY] [DSA 3117-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3117-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 31, 2014 http://www.debian.org/security/faq -...

7.5CVSS0.8AI score0.53166EPSS
Exploits8
openvas
openvas
added 2014/12/30 12:0 a.m.48 views

Fedora Update for php FEDORA-2014-17276

Check the version of php SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868640";...

7.5CVSS8.1AI score0.53166EPSS
Exploits17References2
nessus
nessus
added 2014/12/30 12:0 a.m.64 views

Fedora 20 : php-5.5.20-2.fc20 (2014-17229)

18 Dec 2014, PHP 5.5.20\r\n\r\nCore:\r\n Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. Adam\r\n Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. Julien\r\n Fixed bug 68370 'unset$this' can make the program crash. Laruence\r\n Fixed bug 68545 NUL...

7.5CVSS7.2AI score0.53166EPSS
Exploits8References3
nessus
nessus
added 2014/12/30 12:0 a.m.57 views

Fedora 21 : php-5.6.4-2.fc21 (2014-17241)

18 Dec 2014, PHP 5.6.4\r\n\r\nCore:\r\n Fixed bug 68091 Some Zend headers lack appropriate extern 'C' blocks. Adam\r\n Fixed bug 68104 Segfault while pre-evaluating a disabled function. Laruence\r\n Fixed bug 68185 'Inconsistent insteadof definition.'- incorrectly triggered. Julien\r\n Fixed bug...

7.5CVSS7.1AI score0.53166EPSS
Exploits8References3
openvas
openvas
added 2014/12/30 12:0 a.m.55 views

Fedora Update for php FEDORA-2014-17229

Check the version of php SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868637";...

7.5CVSS8.1AI score0.53166EPSS
Exploits17References2
slackware
slackware
added 2014/12/23 5:38 a.m.76 views

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/php-5.4.36-i486-1slack14.1.txz: Upgraded. This update fixes bugs and security issues. 68545 NULL pointer dereference in...

7.5CVSS8.2AI score0.53166EPSS
Exploits8
securityvulns
securityvulns
added 2014/12/23 12:0 a.m.154 views

[slackware-security] php &#40;SSA:2014-356-02&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2014-356-02 New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...

7.5CVSS7.9AI score0.53166EPSS
Exploits8
Rows per page
Query Builder