Redhat

Enterprise Linux Server Eus

622 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2015-4643

Exploit
  • EPSS 10.69%
  • Veröffentlicht 16.05.2016 10:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer ov...

7.5

CVE-2015-4605

Exploit
  • EPSS 9.11%
  • Veröffentlicht 16.05.2016 10:59:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of ...

7.5

CVE-2015-4604

Exploit
  • EPSS 9.11%
  • Veröffentlicht 16.05.2016 10:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a den...

10

CVE-2015-4603

Exploit
  • EPSS 8.13%
  • Veröffentlicht 16.05.2016 10:59:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.

10

CVE-2015-4602

Exploit
  • EPSS 12.86%
  • Veröffentlicht 16.05.2016 10:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a...

10

CVE-2015-4601

  • EPSS 21.38%
  • Veröffentlicht 16.05.2016 10:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c,...

10

CVE-2015-4600

Exploit
  • EPSS 10.74%
  • Veröffentlicht 16.05.2016 10:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type ...

10

CVE-2015-4599

Exploit
  • EPSS 6.57%
  • Veröffentlicht 16.05.2016 10:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrar...

7.5

CVE-2015-4598

  • EPSS 1.19%
  • Veröffentlicht 16.05.2016 10:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument...

5.3

CVE-2015-3412

Exploit
  • EPSS 1.01%
  • Veröffentlicht 16.05.2016 10:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_pat...