rpm package
almalinux/php-pdo
pkg:rpm/almalinux/php-pdo
Vulnerabilities (87)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9637 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Mar 8, 2019 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau | ||
| CVE-2019-9024 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. | ||
| CVE-2019-9023 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr | ||
| CVE-2019-9022 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi | ||
| CVE-2019-9021 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi | ||
| CVE-2019-9020 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in | ||
| CVE-2018-20783 | — | < 7.2.24-1.module_el8.4.0+2228+7c76a223 | 7.2.24-1.module_el8.4.0+2228+7c76a223 | Feb 21, 2019 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_ |
- CVE-2019-9637Mar 8, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau
- CVE-2019-9024Feb 22, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
- CVE-2019-9023Feb 22, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr
- CVE-2019-9022Feb 22, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi
- CVE-2019-9021Feb 22, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi
- CVE-2019-9020Feb 22, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in
- CVE-2018-20783Feb 21, 2019affected < 7.2.24-1.module_el8.4.0+2228+7c76a223fixed 7.2.24-1.module_el8.4.0+2228+7c76a223
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_
Page 5 of 5