CVE-2014-0185
- EPSS 0.51%
- Veröffentlicht 06.05.2014 10:44:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
- EPSS 3.04%
- Veröffentlicht 24.03.2014 16:31:08
- Zuletzt bearbeitet 06.05.2026 22:30:45
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a cra...
CVE-2014-2497
- EPSS 22.32%
- Veröffentlicht 21.03.2014 14:55:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
CVE-2014-2270
- EPSS 4.32%
- Veröffentlicht 14.03.2014 15:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
- EPSS 5.07%
- Veröffentlicht 18.02.2014 19:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
- EPSS 2.53%
- Veröffentlicht 18.02.2014 11:55:17
- Zuletzt bearbeitet 29.04.2026 01:13:23
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function...
CVE-2013-7328
- EPSS 1.49%
- Veröffentlicht 18.02.2014 11:55:16
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a nega...
CVE-2013-7226
- EPSS 6.73%
- Veröffentlicht 18.02.2014 11:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dim...
CVE-2013-7327
- EPSS 2.68%
- Veröffentlicht 18.02.2014 11:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments t...
- EPSS 2.81%
- Veröffentlicht 15.02.2014 14:57:07
- Zuletzt bearbeitet 29.04.2026 01:13:23
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.