rpm package
suse/php53&distro=SUSE Linux Enterprise Server 11 SP2-LTSS
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS
Vulnerabilities (109)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-3487 | — | < 5.3.17-47.1 | 5.3.17-47.1 | Jul 9, 2014 | The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF fi | ||
| CVE-2014-3480 | Med | 6.5 | < 5.3.17-47.1 | 5.3.17-47.1 | Jul 9, 2014 | The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CD | |
| CVE-2014-3479 | — | < 5.3.17-47.1 | 5.3.17-47.1 | Jul 9, 2014 | The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted st | ||
| CVE-2014-3478 | Med | 6.5 | < 5.3.17-47.1 | 5.3.17-47.1 | Jul 9, 2014 | Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conv | |
| CVE-2014-0207 | Med | 6.5 | < 5.3.17-47.1 | 5.3.17-47.1 | Jul 9, 2014 | The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. | |
| CVE-2014-4721 | — | < 5.3.17-47.1 | 5.3.17-47.1 | Jul 6, 2014 | The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive | ||
| CVE-2014-4049 | — | < 5.3.17-47.1 | 5.3.17-47.1 | Jun 18, 2014 | Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. | ||
| CVE-2006-7243 | — | < 5.3.17-47.1 | 5.3.17-47.1 | Jan 18, 2011 | PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists functio | ||
| CVE-2004-1019 | — | < 5.3.17-47.1 | 5.3.17-47.1 | Jan 10, 2005 | The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index |
- CVE-2014-3487Jul 9, 2014affected < 5.3.17-47.1fixed 5.3.17-47.1
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF fi
- affected < 5.3.17-47.1fixed 5.3.17-47.1
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CD
- CVE-2014-3479Jul 9, 2014affected < 5.3.17-47.1fixed 5.3.17-47.1
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted st
- affected < 5.3.17-47.1fixed 5.3.17-47.1
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conv
- affected < 5.3.17-47.1fixed 5.3.17-47.1
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.
- CVE-2014-4721Jul 6, 2014affected < 5.3.17-47.1fixed 5.3.17-47.1
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive
- CVE-2014-4049Jun 18, 2014affected < 5.3.17-47.1fixed 5.3.17-47.1
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
- CVE-2006-7243Jan 18, 2011affected < 5.3.17-47.1fixed 5.3.17-47.1
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists functio
- CVE-2004-1019Jan 10, 2005affected < 5.3.17-47.1fixed 5.3.17-47.1
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index
Page 6 of 6