VYPR

rpm package

opensuse/php5&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweed

Vulnerabilities (71)

  • CVE-2014-3622CriFeb 19, 2020
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.

  • CVE-2015-2326MedJan 14, 2020
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference,

  • CVE-2015-2325HigJan 14, 2020
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward refere

  • CVE-2015-3152MedMay 16, 2016
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack

  • CVE-2015-4024Jun 9, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper

  • CVE-2015-3416Apr 24, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possi

  • CVE-2015-3415Apr 24, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as

  • CVE-2015-3414Apr 24, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE cla

  • CVE-2015-2331Mar 30, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash)

  • CVE-2015-2305Mar 30, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular express

  • CVE-2015-1352Mar 30, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

  • CVE-2015-1351Mar 30, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2015-0273Mar 30, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handl

  • CVE-2015-0235Jan 28, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-2015-0232Jan 27, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG

  • CVE-2015-0231Jan 27, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-9427Jan 3, 2015
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a ne

  • CVE-2014-9426HigDec 31, 2014
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possi

  • CVE-2014-3670Oct 29, 2014
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application cra

  • CVE-2014-3669Oct 29, 2014
    affected < 5.6.28-1.1fixed 5.6.28-1.1

    Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the u

Page 1 of 4