VYPR

rpm package

opensuse/php8&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed

Vulnerabilities (150)

  • CVE-2018-1000222HigAug 20, 2018
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed

  • CVE-2018-14851MedAug 2, 2018
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

  • CVE-2017-9120CriAug 2, 2018
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

  • CVE-2018-12882CriJun 26, 2018
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

  • CVE-2015-3152MedMay 16, 2016
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack

  • CVE-2015-3415Apr 24, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as

  • CVE-2015-3414Apr 24, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE cla

  • CVE-2015-1351Mar 30, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2015-0273Mar 30, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handl

  • CVE-2015-0235Jan 28, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

  • CVE-2015-0231Jan 27, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-9427Jan 3, 2015
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a ne

  • CVE-2014-9426HigDec 31, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possi

  • CVE-2014-3670Oct 29, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application cra

  • CVE-2014-3668Oct 29, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a craf

  • CVE-2014-5459Sep 27, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

  • CVE-2014-3597Aug 23, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_r

  • CVE-2014-4698Jul 10, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting envi

  • CVE-2014-4670Jul 10, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environm

  • CVE-2014-3538Jul 3, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule. NOTE: this vulnerability exists

Page 5 of 8