VYPR

rpm package

suse/php53&distro=SUSE Linux Enterprise Server 11 SP3-LTSS

pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Vulnerabilities (65)

  • CVE-2015-8835CriMay 16, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application cra

  • CVE-2015-4116CriMay 16, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation.

  • CVE-2016-3142HigMar 31, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06

  • CVE-2016-3141CriMar 31, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call

  • CVE-2015-7803Dec 11, 2015
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator ref

Page 4 of 4