VYPR

rpm package

suse/php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12

pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Vulnerabilities (196)

  • CVE-2015-3329Jun 9, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

  • CVE-2015-2783Jun 9, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with craft

  • CVE-2015-2787Mar 30, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset

  • CVE-2015-2348Mar 30, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create fi

  • CVE-2015-2305Mar 30, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular express

  • CVE-2015-2301Mar 30, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar ar

  • CVE-2015-1351Mar 30, 2015
    affected < 5.5.14-109.63.2fixed 5.5.14-109.63.2

    Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2015-0273Mar 30, 2015
    affected < 5.5.14-15.1fixed 5.5.14-15.1

    Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handl

  • CVE-2014-9709Mar 30, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreate

  • CVE-2014-9705Mar 30, 2015
    affected < 5.5.14-22.1fixed 5.5.14-22.1

    Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

  • CVE-2014-9652Mar 30, 2015
    affected < 5.5.14-15.1fixed 5.5.14-15.1

    The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which mig

  • CVE-2015-0232Jan 27, 2015
    affected < 5.5.14-11.3fixed 5.5.14-11.3

    The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG

  • CVE-2015-0231Jan 27, 2015
    affected < 5.5.14-11.3fixed 5.5.14-11.3

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-9427Jan 3, 2015
    affected < 5.5.14-11.3fixed 5.5.14-11.3

    sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a ne

  • CVE-2014-8142Dec 20, 2014
    affected < 5.5.14-11.3fixed 5.5.14-11.3

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-3587Aug 23, 2014
    affected < 5.5.14-73.1fixed 5.5.14-73.1

    Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vuln

Page 10 of 10