rpm package

suse/php53&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (109)

  • CVE-2015-2787 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset

  • CVE-2015-2305 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular express

  • CVE-2015-2301 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar ar

  • CVE-2015-1352 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

  • CVE-2015-0273 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handl

  • CVE-2014-9709 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreate

  • CVE-2014-9705 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

  • CVE-2014-9652 (Mar 30, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which mig

  • CVE-2015-0232 (Jan 27, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG

  • CVE-2015-0231 (Jan 27, 2015)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-8142 (Dec 20, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling

  • CVE-2014-3670 (Oct 29, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application cra

  • CVE-2014-3669 (Oct 29, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the u

  • CVE-2014-3668 (Oct 29, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a craf

  • CVE-2014-5459 (Sep 27, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

  • CVE-2014-3597 (Aug 23, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_r

  • CVE-2014-3587 (Aug 23, 2014)
    affected < 5.3.17-55.1; fixed 5.3.17-55.1

    Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vuln

  • CVE-2014-4698 (Jul 10, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting envi

  • CVE-2014-4670 (Jul 10, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environm

  • CVE-2014-3515 (Jul 9, 2014)
    affected < 5.3.17-47.1; fixed 5.3.17-47.1

    The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable d