rpm package

suse/php5&distro=SUSE Linux Enterprise Software Development Kit 12

pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Vulnerabilities (75)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-5096	Hig	8.6	< 5.5.14-64.5	5.5.14-64.5	Aug 7, 2016	Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
CVE-2016-5095	Hig	8.6	< 5.5.14-64.5	5.5.14-64.5	Aug 7, 2016	Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITI
CVE-2016-5094	Hig	8.6	< 5.5.14-64.5	5.5.14-64.5	Aug 7, 2016	Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars func
CVE-2016-5093	Hig	8.6	< 5.5.14-64.5	5.5.14-64.5	Aug 7, 2016	The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly ha
CVE-2013-7456	Hig	7.6	< 5.5.14-64.5	5.5.14-64.5	Aug 7, 2016	gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image
CVE-2016-4544	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v
CVE-2016-4543	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via craf
CVE-2016-4542	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other
CVE-2016-4541	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
CVE-2016-4540	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
CVE-2016-4539	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in th
CVE-2016-4538	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denia
CVE-2016-4537	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
CVE-2016-4346	Cri	9.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
CVE-2016-4342	Hig	8.8	< 5.5.14-59.2	5.5.14-59.2	May 22, 2016	ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2
CVE-2015-8879	Hig	7.5	< 5.5.14-64.5	5.5.14-64.5	May 22, 2016	The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array func
CVE-2015-8877	Hig	7.5	< 5.5.14-64.5	5.5.14-64.5	May 22, 2016	The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted
CVE-2015-8876	Cri	9.8	< 5.5.14-64.5	5.5.14-64.5	May 22, 2016	Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method executio
CVE-2015-8867	Hig	7.5	< 5.5.14-56.1	5.5.14-56.1	May 22, 2016	The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mech
CVE-2015-8866	Cri	9.6	< 5.5.14-56.1	5.5.14-56.1	May 22, 2016	ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attack

CVE-2016-5096HigAug 7, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
CVE-2016-5095HigAug 7, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITI
CVE-2016-5094HigAug 7, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars func
CVE-2016-5093HigAug 7, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly ha
CVE-2013-7456HigAug 7, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.1.1, as used in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted image
CVE-2016-4544CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v
CVE-2016-4543CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via craf
CVE-2016-4542CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other
CVE-2016-4541CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
CVE-2016-4540CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.
CVE-2016-4539CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in th
CVE-2016-4538CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denia
CVE-2016-4537CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.
CVE-2016-4346CriMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
CVE-2016-4342HigMay 22, 2016
affected < 5.5.14-59.2fixed 5.5.14-59.2
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2
CVE-2015-8879HigMay 22, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array func
CVE-2015-8877HigMay 22, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service (memory consumption) via a crafted
CVE-2015-8876CriMay 22, 2016
affected < 5.5.14-64.5fixed 5.5.14-64.5
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger unintended method executio
CVE-2015-8867HigMay 22, 2016
affected < 5.5.14-56.1fixed 5.5.14-56.1
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mech
CVE-2015-8866CriMay 22, 2016
affected < 5.5.14-56.1fixed 5.5.14-56.1
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attack

Page 1 of 4