CVE-2014-3669
- EPSS 28.86%
- Veröffentlicht 29.10.2014 10:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary...
CVE-2014-3670
- EPSS 22.63%
- Veröffentlicht 29.10.2014 10:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory ...
CVE-2014-5459
- EPSS 0.64%
- Veröffentlicht 27.09.2014 10:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache...
CVE-2014-3597
- EPSS 15.43%
- Veröffentlicht 23.08.2014 01:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS re...
CVE-2014-5120
- EPSS 16.93%
- Veröffentlicht 23.08.2014 01:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) ...
CVE-2014-3587
- EPSS 20.24%
- Veröffentlicht 23.08.2014 01:55:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a craf...
CVE-2014-4698
- EPSS 0.68%
- Veröffentlicht 10.07.2014 11:06:29
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applicatio...
CVE-2014-4670
- EPSS 0.71%
- Veröffentlicht 10.07.2014 11:06:28
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications i...
CVE-2014-0207
- EPSS 16.85%
- Veröffentlicht 09.07.2014 11:07:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a craft...
- EPSS 15.18%
- Veröffentlicht 09.07.2014 11:07:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal...