rpm package
suse/php53&distro=SUSE Linux Enterprise Server 11 SP4
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
Vulnerabilities (126)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-6836 | Hig | 7.3 | < 5.3.17-48.1 | 5.3.17-48.1 | Jan 19, 2016 | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the seriali | |
| CVE-2015-6833 | Hig | 7.5 | < 5.3.17-48.1 | 5.3.17-48.1 | Jan 19, 2016 | Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call. | |
| CVE-2015-6831 | Hig | 7.3 | < 5.3.17-48.1 | 5.3.17-48.1 | Jan 19, 2016 | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during | |
| CVE-2015-5590 | Hig | 7.3 | < 5.3.17-45.1 | 5.3.17-45.1 | Jan 19, 2016 | Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstr | |
| CVE-2015-7803 | — | < 5.3.17-59.1 | 5.3.17-59.1 | Dec 11, 2015 | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator ref | ||
| CVE-2014-3587 | — | < 5.3.17-79.2 | 5.3.17-79.2 | Aug 23, 2014 | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vuln |
- affected < 5.3.17-48.1fixed 5.3.17-48.1
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the seriali
- affected < 5.3.17-48.1fixed 5.3.17-48.1
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.
- affected < 5.3.17-48.1fixed 5.3.17-48.1
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during
- affected < 5.3.17-45.1fixed 5.3.17-45.1
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstr
- CVE-2015-7803Dec 11, 2015affected < 5.3.17-59.1fixed 5.3.17-59.1
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator ref
- CVE-2014-3587Aug 23, 2014affected < 5.3.17-79.2fixed 5.3.17-79.2
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vuln
Page 7 of 7