VYPR

rpm package

opensuse/php7&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed

Vulnerabilities (121)

  • CVE-2022-37454Oct 21, 2022
    affected < 7.4.33-1.1fixed 7.4.33-1.1

    The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

  • CVE-2022-31628Sep 28, 2022
    affected < 7.4.32-1.1fixed 7.4.32-1.1

    In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

  • CVE-2021-21708Feb 27, 2022
    affected < 7.4.28-1.1fixed 7.4.28-1.1

    In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes,

  • CVE-2021-21707Nov 29, 2021
    affected < 7.4.26-1.1fixed 7.4.26-1.1

    In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as

  • CVE-2021-21703Oct 25, 2021
    affected < 7.4.25-1.1fixed 7.4.25-1.1

    In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memor

  • CVE-2021-21706Oct 4, 2021
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritt

  • CVE-2021-21702Feb 15, 2021
    affected < 7.4.24-2.1fixed 7.4.24-2.1

    In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

  • CVE-2020-7068Sep 9, 2020
    affected < 7.4.24-2.1fixed 7.4.24-2.1

    In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

  • CVE-2020-7063Feb 27, 2020
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more re

  • CVE-2020-7062Feb 27, 2020
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to cle

  • CVE-2014-3622Feb 19, 2020
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value.

  • CVE-2015-2326Jan 14, 2020
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference,

  • CVE-2015-2325Jan 14, 2020
    affected < 7.0.14-1.4fixed 7.0.14-1.4

    The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward refere

  • CVE-2019-11046Dec 23, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS b

  • CVE-2019-11043KEVOct 28, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec

  • CVE-2019-11042Aug 9, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11041Aug 9, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11040Jun 18, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11039Jun 18, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

  • CVE-2019-11036May 3, 2019
    affected < 7.4.24-1.1fixed 7.4.24-1.1

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

Page 1 of 7