VYPR

rpm package

opensuse/php8&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed

Vulnerabilities (150)

  • CVE-2014-4049Jun 18, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.

  • CVE-2014-0238Jun 1, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.

  • CVE-2014-0185May 6, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

  • CVE-2013-7345Mar 24, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers

  • CVE-2014-2497Mar 21, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

  • CVE-2014-1943Feb 18, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.

  • CVE-2013-7327Feb 18, 2014
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL poin

  • CVE-2013-6420Dec 17, 2013
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a

  • CVE-2013-6712Nov 28, 2013
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

  • CVE-2013-4248Aug 18, 2013
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spo

  • CVE-2013-4113Jul 13, 2013
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct functio

  • CVE-2013-1643Mar 6, 2013
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlPa

  • CVE-2013-1635Mar 6, 2013
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP

  • CVE-2012-3365Jul 20, 2012
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.

  • CVE-2012-2688Jul 20, 2012
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

  • CVE-2012-1823CriKEVMay 11, 2012
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options i

  • CVE-2012-0830Feb 6, 2012
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect

  • CVE-2011-4153Jan 18, 2012
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string

  • CVE-2011-4885Dec 30, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

  • CVE-2011-4566Nov 29, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in

Page 6 of 8