Total
706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8383 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
CVE-2015-7804 | 2 Apple, Php | 2 Mac Os X, Php | 2024-11-21 | 6.8 MEDIUM | N/A |
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. | |||||
CVE-2015-7803 | 2 Apple, Php | 2 Mac Os X, Php | 2024-11-21 | 6.8 MEDIUM | N/A |
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. | |||||
CVE-2015-7774 | 2 Pc-egg, Php | 2 Pwebmanager, Php | 2024-11-21 | 6.5 MEDIUM | N/A |
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||||
CVE-2015-6838 | 2 Php, Xmlsoft | 2 Php, Libxml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. | |||||
CVE-2015-6837 | 2 Php, Xmlsoft | 2 Php, Libxml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. | |||||
CVE-2015-6836 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. | |||||
CVE-2015-6835 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content. | |||||
CVE-2015-6834 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. | |||||
CVE-2015-6833 | 1 Php | 1 Php | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. | |||||
CVE-2015-6832 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. | |||||
CVE-2015-6831 | 2 Debian, Php | 2 Debian Linux, Php | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. | |||||
CVE-2015-6527 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. | |||||
CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | |||||
CVE-2015-5590 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. | |||||
CVE-2015-5589 | 1 Php | 1 Php | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. | |||||
CVE-2015-4644 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. | |||||
CVE-2015-4643 | 4 Debian, Oracle, Php and 1 more | 9 Debian Linux, Linux, Php and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. | |||||
CVE-2015-4642 | 2 Microsoft, Php | 2 Windows, Php | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | |||||
CVE-2015-4605 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a "Python script text executable" rule. |