CVE-2015-3330
- EPSS 14.08%
- Veröffentlicht 09.06.2015 18:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or p...
CVE-2015-3329
- EPSS 38.43%
- Veröffentlicht 09.06.2015 18:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) ph...
CVE-2015-3307
- EPSS 7.7%
- Veröffentlicht 09.06.2015 18:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a craf...
CVE-2015-2783
- EPSS 10.88%
- Veröffentlicht 09.06.2015 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length v...
CVE-2015-3416
- EPSS 5.53%
- Veröffentlicht 24.04.2015 17:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-b...
CVE-2015-3415
- EPSS 4.85%
- Veröffentlicht 24.04.2015 17:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact v...
CVE-2015-3414
- EPSS 4.85%
- Veröffentlicht 24.04.2015 17:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other im...
CVE-2015-2787
- EPSS 12.22%
- Veröffentlicht 30.03.2015 10:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th...
- EPSS 8.59%
- Veröffentlicht 30.03.2015 10:59:14
- Zuletzt bearbeitet 06.05.2026 22:30:45
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extens...
CVE-2015-2331
- EPSS 27.69%
- Veröffentlicht 30.03.2015 10:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial ...