Lucene search
K

19 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2015-6833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to...

7.5CVSS8.1AI score0.04837EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.37 views

Debian: Security Advisory (DLA-341-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.8AI score0.46801EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.52 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-2221)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.2AI score0.35438EPSS
Exploits15References2
Veracode
Veracode
added 2019/05/02 5:27 a.m.50 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

9.8CVSS9.1AI score0.46801EPSS
Exploits8References8Affected Software1
Veracode
Veracode
added 2019/05/02 5:27 a.m.57 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

9.8CVSS9.2AI score0.46801EPSS
Exploits8References9Affected Software1
Veracode
Veracode
added 2019/05/02 5:27 a.m.40 views

Use-After-Free

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrar...

9.8CVSS9.2AI score0.46801EPSS
Exploits8References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/02 12:0 a.m.62 views

SUSE SLES12 Security Update : php5 (SUSE-SU-2015:1633-1)

This update of PHP5 brings several security fixes. Security fixes : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6832: A dangling pointer in the unserialization ...

9.8CVSS9.1AI score0.46801EPSS
Exploits7References28
RedHat Linux
RedHat Linux
added 2016/11/15 11:40 a.m.5 views

php: Invalid free() instead of efree() in phar_extract_file()

/ext/phar/pharobject.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...

9.8CVSS7.5AI score0.07753EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2015/10/01 12:0 a.m.58 views

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2758-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2758-1 advisory. It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting ...

10CVSS8.9AI score0.46801EPSS
Exploits8References11
OpenVAS
OpenVAS
added 2015/10/01 12:0 a.m.72 views

Ubuntu: Security Advisory (USN-2758-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9AI score0.46801EPSS
Exploits8References2
Ubuntu
Ubuntu
added 2015/09/30 8:10 p.m.107 views

USN-2758-1: PHP vulnerabilities

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service. CVE-2015-5589 It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker cou...

10CVSS8.7AI score0.46801EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2015/09/28 12:0 a.m.59 views

openSUSE Security Update : php5 (openSUSE-2015-609)

The PHP5 script interpreter was updated to fix various security issues : - CVE-2015-6831: A use after free vulnerability in unserialize has been fixed which could be used to crash php or potentially execute code. bnc942291 bnc942294 bnc942295 - CVE-2015-6832: A dangling pointer in the...

9.8CVSS8.9AI score0.46801EPSS
Exploits7References17
OpenVAS
OpenVAS
added 2015/09/26 12:0 a.m.44 views

openSUSE: Security Advisory for php5 (openSUSE-SU-2015:1628-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.8AI score0.46801EPSS
Exploits7References1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.50 views

Amazon Linux: Security Advisory (ALAS-2015-583)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.07083EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.65 views

Amazon Linux: Security Advisory (ALAS-2015-584)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.07083EPSS
Exploits2References4
UbuntuCve
UbuntuCve
added 2015/08/27 12:0 a.m.42 views

CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. dot dot in a ZIP archive entry that is mishandled during an extractTo call...

7.5CVSS7.2AI score0.04837EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.47 views

Amazon Linux AMI : php54 (ALAS-2015-583) (BACKRONYM)

PHP process crashes when processing an invalid file with the 'phar' extension. CVE-2015-5589 As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. CVE-2015-3152 PHP versions before 5.5.27 and 5.4.43 contain buffer...

10CVSS8AI score0.07083EPSS
Exploits2References9
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.67 views

Amazon Linux AMI : php55 (ALAS-2015-584) (BACKRONYM)

PHP process crashes when processing an invalid file with the 'phar' extension. CVE-2015-5589 As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. CVE-2015-3152 PHP versions before 5.5.27 and 5.4.43 contain buffer...

10CVSS8AI score0.07083EPSS
Exploits2References9
Amazon
Amazon
added 2015/08/17 12:0 a.m.69 views

Medium: php54

Issue Overview: PHP process crashes when processing an invalid file with the "phar" extension. CVE-2015-5589 As discussed upstream https://bugs.php.net/bug.php?id=69669, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. CVE-2015-3152...

10CVSS9AI score0.07083EPSS
Exploits2
Rows per page
Query Builder