VYPR

rpm package

suse/php5&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (15)

  • CVE-2016-5399 | Hig | Apr 21, 2017
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.

  • CVE-2016-5772 | Cri | Aug 7, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted

  • CVE-2016-5769 | Cri | Aug 7, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a cr

  • CVE-2016-5767 | Hig | Aug 7, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

  • CVE-2016-5766 | Hig | Aug 7, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

  • CVE-2015-8935 | Med | Aug 7, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Ex

  • CVE-2016-6297 | Hig | Jul 25, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafte

  • CVE-2016-6296 | Cri | Jul 25, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have u

  • CVE-2016-6291 | Cri | Jul 25, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory,

  • CVE-2016-6290 | Cri | Jul 25, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors relate

  • CVE-2016-6289 | Hig | Jul 25, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted e

  • CVE-2016-6288 | Cri | Jul 25, 2016
    affected < 5.2.14-0.7.30.89.1 | fixed 5.2.14-0.7.30.89.1

    The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data type.

  • CVE-2015-6838 | Hig | May 16, 2016
    affected < 5.2.14-0.7.30.72.1 | fixed 5.2.14-0.7.30.72.1

    The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the

  • CVE-2015-6837 | Hig | May 16, 2016
    affected < 5.2.14-0.7.30.72.1 | fixed 5.2.14-0.7.30.72.1

    The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during ini

  • CVE-2015-6836 | Hig | Jan 19, 2016
    affected < 5.2.14-0.7.30.72.1 | fixed 5.2.14-0.7.30.72.1

    The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the seriali