VYPR

rpm package

suse/php53&distro=SUSE Linux Enterprise Server 11 SP4

pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Vulnerabilities (126)

  • CVE-2016-7414CriSep 17, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impa

  • CVE-2016-7413CriSep 17, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a r

  • CVE-2016-7412HigSep 17, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via cra

  • CVE-2016-7411CriSep 17, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially construct

  • CVE-2016-7132HigSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deseriali

  • CVE-2016-7131HigSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserial

  • CVE-2016-7130HigSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as d

  • CVE-2016-7129CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a wddx_deser

  • CVE-2016-7128MedSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that exceeds the file size, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.

  • CVE-2016-7127CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign

  • CVE-2016-7126CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns

  • CVE-2016-7125HigSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.

  • CVE-2016-7124CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (

  • CVE-2016-5773CriAug 7, 2016
    affected < 5.3.17-112.20.1fixed 5.3.17-112.20.1

    php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and

  • CVE-2016-5772CriAug 7, 2016
    affected < 5.3.17-74.1fixed 5.3.17-74.1

    Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted

  • CVE-2016-5771CriAug 7, 2016
    affected < 5.3.17-112.20.1fixed 5.3.17-112.20.1

    spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application cras

  • CVE-2016-5769CriAug 7, 2016
    affected < 5.3.17-74.1fixed 5.3.17-74.1

    Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a cr

  • CVE-2016-5767HigAug 7, 2016
    affected < 5.3.17-74.1fixed 5.3.17-74.1

    Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

  • CVE-2016-5766HigAug 7, 2016
    affected < 5.3.17-74.1fixed 5.3.17-74.1

    Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and applicatio

  • CVE-2016-5114CriAug 7, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer

Page 4 of 7