VYPR

rpm package

opensuse/php8&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed

Vulnerabilities (150)

  • CVE-2011-3379Nov 3, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

  • CVE-2011-2202Jun 16, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a cra

  • CVE-2011-1466Mar 20, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.

  • CVE-2011-0708Mar 20, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.

  • CVE-2011-0421Mar 20, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive

  • CVE-2011-1153Mar 16, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via form

  • CVE-2011-1092Mar 15, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash) and possibly read sensitive memory via a large third argument to the shmop_read function.

  • CVE-2011-0420Feb 19, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.

  • CVE-2006-7243Jan 18, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists functio

  • CVE-2010-4645Jan 11, 2011
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handle

  • CVE-2010-4150Dec 7, 2010
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.

  • CVE-2010-3709Nov 9, 2010
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.

  • CVE-2010-3436Nov 9, 2010
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related to the length of a filename.

  • CVE-2010-3710Oct 25, 2010
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address strin

  • CVE-2010-2950Sep 28, 2010
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_str

  • CVE-2010-2225Jun 24, 2010
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute arbitrary code or obtain sensitive information via serialized data, related to the PHP unserialize function.

  • CVE-2008-0599CriMay 5, 2008
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

  • CVE-2007-4887Sep 14, 2007
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

  • CVE-2007-4783Sep 10, 2007
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary

  • CVE-2006-1991Apr 24, 2006
    affected < 8.0.11-1.1fixed 8.0.11-1.1

    The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.

Page 7 of 8