rpm package
suse/php53&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21702 | — | < 5.3.17-112.99.2 | 5.3.17-112.99.2 | Feb 15, 2021 | In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash. | ||
| CVE-2020-7070 | — | < 5.3.17-112.93.1 | 5.3.17-112.93.1 | Oct 2, 2020 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t | ||
| CVE-2020-7059 | — | < 5.3.17-112.79.1 | 5.3.17-112.79.1 | Feb 10, 2020 | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr | ||
| CVE-2019-20433 | — | < 5.3.17-112.79.1 | 5.3.17-112.79.1 | Jan 27, 2020 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. | ||
| CVE-2019-11050 | — | < 5.3.17-112.79.1 | 5.3.17-112.79.1 | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf | ||
| CVE-2019-11047 | — | < 5.3.17-112.79.1 | 5.3.17-112.79.1 | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf | ||
| CVE-2019-11046 | — | < 5.3.17-112.79.1 | 5.3.17-112.79.1 | Dec 23, 2019 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS b | ||
| CVE-2019-11045 | — | < 5.3.17-112.79.1 | 5.3.17-112.79.1 | Dec 23, 2019 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all | ||
| CVE-2019-11042 | — | < 5.3.17-112.71.1 | 5.3.17-112.71.1 | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-11041 | — | < 5.3.17-112.71.1 | 5.3.17-112.71.1 | Aug 9, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may | ||
| CVE-2019-11038 | — | < 5.3.17-112.71.1 | 5.3.17-112.71.1 | Jun 18, 2019 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value o |
- CVE-2021-21702Feb 15, 2021affected < 5.3.17-112.99.2fixed 5.3.17-112.99.2
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
- CVE-2020-7070Oct 2, 2020affected < 5.3.17-112.93.1fixed 5.3.17-112.93.1
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t
- CVE-2020-7059Feb 10, 2020affected < 5.3.17-112.79.1fixed 5.3.17-112.79.1
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr
- CVE-2019-20433Jan 27, 2020affected < 5.3.17-112.79.1fixed 5.3.17-112.79.1
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
- CVE-2019-11050Dec 23, 2019affected < 5.3.17-112.79.1fixed 5.3.17-112.79.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf
- CVE-2019-11047Dec 23, 2019affected < 5.3.17-112.79.1fixed 5.3.17-112.79.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf
- CVE-2019-11046Dec 23, 2019affected < 5.3.17-112.79.1fixed 5.3.17-112.79.1
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS b
- CVE-2019-11045Dec 23, 2019affected < 5.3.17-112.79.1fixed 5.3.17-112.79.1
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all
- CVE-2019-11042Aug 9, 2019affected < 5.3.17-112.71.1fixed 5.3.17-112.71.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-11041Aug 9, 2019affected < 5.3.17-112.71.1fixed 5.3.17-112.71.1
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may
- CVE-2019-11038Jun 18, 2019affected < 5.3.17-112.71.1fixed 5.3.17-112.71.1
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value o