VYPR

rpm package

suse/php5&distro=SUSE Linux Enterprise Software Development Kit 12 SP2

pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2

Vulnerabilities (35)

  • CVE-2016-10166 | Cri | Mar 15, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.

  • CVE-2015-8994 | Hig | Mar 2, 2017
    affected < 5.5.14-99.1 | fixed 5.5.14-99.1

    An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vuln

  • CVE-2016-10161 | Hig | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finis

  • CVE-2016-10160 | Cri | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

  • CVE-2016-10159 | Hig | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

  • CVE-2016-10158 | Hig | Jan 24, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable ne

  • CVE-2016-7478 | Hig | Jan 11, 2017
    affected < 5.5.14-96.1 | fixed 5.5.14-96.1

    Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.

  • CVE-2016-9935 | Cri | Jan 4, 2017
    affected < 5.5.14-89.2 | fixed 5.5.14-89.2

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket

  • CVE-2016-9934 | Hig | Jan 4, 2017
    affected < 5.5.14-89.2 | fixed 5.5.14-89.2

    ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.

  • CVE-2016-9933 | Hig | Jan 4, 2017
    affected < 5.5.14-89.2 | fixed 5.5.14-89.2

    Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefi

  • CVE-2016-9137 | Cri | Jan 4, 2017
    affected < 5.5.14-86.2 | fixed 5.5.14-86.2

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wa

  • CVE-2016-5773 | Cri | Aug 7, 2016
    affected < 5.5.14-86.2 | fixed 5.5.14-86.2

    php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and

  • CVE-2016-5766 | Hig | Aug 7, 2016
    affected < 5.5.14-109.5.1 | fixed 5.5.14-109.5.1

    Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

  • CVE-2016-6294 | Cri | Jul 25, 2016
    affected < 5.5.14-108.1 | fixed 5.5.14-108.1

    The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (o

  • CVE-2015-4025 | Jun 9, 2015
    affected < 5.5.14-109.13.1 | fixed 5.5.14-109.13.1

    PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafte
