VYPR

rpm package

opensuse/php7&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed

Vulnerabilities (121)

  • CVE-2015-3152MedMay 16, 2016
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack

  • CVE-2015-3416Apr 24, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possi

  • CVE-2015-3415Apr 24, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as

  • CVE-2015-3414Apr 24, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE cla

  • CVE-2015-2331Mar 30, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash)

  • CVE-2015-2305Mar 30, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular express

  • CVE-2015-1352Mar 30, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

  • CVE-2015-1351Mar 30, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2015-0273Mar 30, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handl

  • CVE-2015-0235Jan 28, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-2015-0232Jan 27, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG

  • CVE-2015-0231Jan 27, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-9427Jan 3, 2015
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a ne

  • CVE-2014-9426HigDec 31, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possi

  • CVE-2014-3670Oct 29, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application cra

  • CVE-2014-3669Oct 29, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the u

  • CVE-2014-3668Oct 29, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a craf

  • CVE-2014-5459Sep 27, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

  • CVE-2014-5120Aug 23, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) ima

  • CVE-2014-3597Aug 23, 2014
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_r

Page 3 of 7