VYPR

rpm package

suse/php53&distro=SUSE OpenStack Cloud 5

pkg:rpm/suse/php53&distro=SUSE%20OpenStack%20Cloud%205

Vulnerabilities (55)

  • CVE-2016-7127CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different sign

  • CVE-2016-7126CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the number of colors, which allows remote attackers to cause a denial of service (select_colors allocation error and out-of-bounds write) or possibly have uns

  • CVE-2016-7125HigSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote attackers to inject arbitrary-type session data by leveraging control of a session name, as demonstrated by object injection.

  • CVE-2016-7124CriSep 12, 2016
    affected < 5.3.17-84.1fixed 5.3.17-84.1

    ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (

  • CVE-2016-5114CriAug 7, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and buffer

  • CVE-2016-5096HigAug 7, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer in the second argument.

  • CVE-2016-5095HigAug 7, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITI

  • CVE-2016-5094HigAug 7, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars func

  • CVE-2016-5093HigAug 7, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly ha

  • CVE-2016-4544CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact v

  • CVE-2016-4543CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via craf

  • CVE-2016-4542CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other

  • CVE-2016-4541CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

  • CVE-2016-4540CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset.

  • CVE-2016-4539CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in th

  • CVE-2016-4538CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allows remote attackers to cause a denia

  • CVE-2016-4537CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call.

  • CVE-2016-4346CriMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.

  • CVE-2016-4342HigMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2

  • CVE-2015-8879HigMay 22, 2016
    affected < 5.3.17-71.1fixed 5.3.17-71.1

    The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array func