409 matches found
Amazon Linux: Security Advisory (ALAS-2014-313)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2014-314)
The remote host is missing an update for the...
Amazon Linux: Security Advisory (ALAS-2014-362)
The remote host is missing an update for the...
Out-of-bounds
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Membe...
CVE-2015-2869
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Membe...
CVE-2015-2869
The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value in the 1st Linker Membe...
CVE-2015-2869
Affected software: Total Commander FileInfo plugin (version 2.21 affected, fixed in 2.22 per TALOS report). Vulnerability type: Out‑of‑bounds read leading to denial of service and possible application termination. Root cause: Attacker-controlled fields in COFF Archive and LE structures (Archive M...
SOL16954 - Multiple PHP CDF vulnerabilities CVE-2014-0237 and CVE-2014-0238
CVE-2014-0237: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls. CVE-2014-0238: The cdf_read_property_info function in cdf.c...
Ubuntu: Security Advisory (USN-2658-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2658-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2658-1 advisory. Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass...
USN-2658-1 php5 vulnerabilities
Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files. CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026, CVE-2015-4598...
php: denial of service when processing a crafted file with Fileinfo
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute...
php: denial of service when processing a crafted file with Fileinfo
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute...
Important: Red Hat Security Advisory: php55-php security update
Updated php55-php packages that fix multiple security issues are now available for Red Hat Software Collections 2. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
php security update
CentOS Errata and Security Advisory CESA-2015:1135 Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...
Oracle Linux 7 : php (ELSA-2015-1135)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1135 advisory. - core: fix multipart/form-data request can use excessive amount of CPU usage (CVE-2015-4024) - fix various functions accept paths with NUL character...
RHEL 7 : php (RHSA-2015:1135)
Updated php packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...
php: denial of service when processing a crafted file with Fileinfo
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly...
php: denial of service when processing a crafted file with Fileinfo
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute...
PHP libmagick 'libmagic/softmagic.c' denial of service vulnerability (CNVD-2015-03966)
PHP is a general-purpose scripting language. A security vulnerability in the PHP Fileinfo extension when handling constructed files allows remote attackers to exploit the vulnerability to crash the PHP process, resulting in a denial of service...