VYPR

rpm package

suse/php5&distro=SUSE Linux Enterprise Module for Web and Scripting 12

pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Vulnerabilities (196)

  • CVE-2016-6288CriJul 25, 2016
    affected < 5.5.14-73.1fixed 5.5.14-73.1

    The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.

  • CVE-2016-3587CriJul 21, 2016
    affected < 5.5.14-73.1fixed 5.5.14-73.1

    Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

  • CVE-2016-5385HigJul 19, 2016
    affected < 5.5.14-68.1fixed 5.5.14-68.1

    PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's

  • CVE-2016-4544CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v

  • CVE-2016-4543CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via craf

  • CVE-2016-4542CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other

  • CVE-2016-4541CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

  • CVE-2016-4540CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

  • CVE-2016-4539CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in th

  • CVE-2016-4538CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denia

  • CVE-2016-4537CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

  • CVE-2016-4346CriMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

  • CVE-2016-4342HigMay 22, 2016
    affected < 5.5.14-59.2fixed 5.5.14-59.2

    ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2

  • CVE-2015-8879HigMay 22, 2016
    affected < 5.5.14-64.5fixed 5.5.14-64.5

    The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array func

  • CVE-2015-8877HigMay 22, 2016
    affected < 5.5.14-64.5fixed 5.5.14-64.5

    The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted

  • CVE-2015-8876CriMay 22, 2016
    affected < 5.5.14-64.5fixed 5.5.14-64.5

    Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method executio

  • CVE-2015-8867HigMay 22, 2016
    affected < 5.5.14-56.1fixed 5.5.14-56.1

    The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mech

  • CVE-2015-8866CriMay 22, 2016
    affected < 5.5.14-56.1fixed 5.5.14-56.1

    ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attack

  • CVE-2014-9767MedMay 22, 2016
    affected < 5.5.14-53.1fixed 5.5.14-53.1

    Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafte

  • CVE-2016-4073CriMay 20, 2016
    affected < 5.5.14-56.1fixed 5.5.14-56.1

    Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted

Page 7 of 10