Search Results (Refine Search)
- CPE Product Version: cpe:/a:php:php:5.5.36
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9426 |
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable Published: December 30, 2014; 9:59:01 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-5459 |
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. Published: September 27, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 3.6 LOW |