rpm package

suse/php53&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (109)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-5399	Hig	7.8	< 5.3.17-55.1	5.3.17-55.1	Apr 21, 2017	The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVE-2016-7418	Hig	7.5	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wd
CVE-2016-7417	Cri	9.8	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
CVE-2016-7416	Hig	7.5	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi
CVE-2016-7414	Cri	9.8	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa
CVE-2016-7413	Cri	9.8	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a r
CVE-2016-7412	Hig	8.1	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via cra
CVE-2016-7411	Cri	9.8	< 5.3.17-58.1	5.3.17-58.1	Sep 17, 2016	ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially construct
CVE-2016-7132	Hig	7.5	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deseriali
CVE-2016-7131	Hig	7.5	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserial
CVE-2016-7130	Hig	7.5	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as d
CVE-2016-7129	Cri	9.8	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deser
CVE-2016-7128	Med	5.3	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-7127	Cri	9.8	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign
CVE-2016-7126	Cri	9.8	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns
CVE-2016-7125	Hig	7.5	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
CVE-2016-7124	Cri	9.8	< 5.3.17-55.1	5.3.17-55.1	Sep 12, 2016	ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (
CVE-2016-5114	Cri	9.1	< 5.3.17-47.1	5.3.17-47.1	Aug 7, 2016	sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer
CVE-2016-5096	Hig	8.6	< 5.3.17-47.1	5.3.17-47.1	Aug 7, 2016	Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
CVE-2016-5095	Hig	8.6	< 5.3.17-47.1	5.3.17-47.1	Aug 7, 2016	Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITI

CVE-2016-5399HigApr 21, 2017
affected < 5.3.17-55.1fixed 5.3.17-55.1
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVE-2016-7418HigSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wd
CVE-2016-7417CriSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data.
CVE-2016-7416HigSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecifi
CVE-2016-7414CriSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa
CVE-2016-7413CriSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a r
CVE-2016-7412HigSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via cra
CVE-2016-7411CriSep 17, 2016
affected < 5.3.17-58.1fixed 5.3.17-58.1
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially construct
CVE-2016-7132HigSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deseriali
CVE-2016-7131HigSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserial
CVE-2016-7130HigSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as d
CVE-2016-7129CriSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deser
CVE-2016-7128MedSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-7127CriSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign
CVE-2016-7126CriSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns
CVE-2016-7125HigSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.
CVE-2016-7124CriSep 12, 2016
affected < 5.3.17-55.1fixed 5.3.17-55.1
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (
CVE-2016-5114CriAug 7, 2016
affected < 5.3.17-47.1fixed 5.3.17-47.1
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer
CVE-2016-5096HigAug 7, 2016
affected < 5.3.17-47.1fixed 5.3.17-47.1
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.
CVE-2016-5095HigAug 7, 2016
affected < 5.3.17-47.1fixed 5.3.17-47.1
Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITI

Page 1 of 6