VYPR

rpm package

suse/php53&distro=SUSE Linux Enterprise Software Development Kit 11 SP3

pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP3

Vulnerabilities (7)

  • CVE-2015-6838HigMay 16, 2016
    affected < 5.3.17-48.1fixed 5.3.17-48.1

    The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the

  • CVE-2015-6837HigMay 16, 2016
    affected < 5.3.17-48.1fixed 5.3.17-48.1

    The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during ini

  • CVE-2015-5589CriMay 16, 2016
    affected < 5.3.17-45.1fixed 5.3.17-45.1

    The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly h

  • CVE-2015-6836HigJan 19, 2016
    affected < 5.3.17-48.1fixed 5.3.17-48.1

    The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the seriali

  • CVE-2015-6833HigJan 19, 2016
    affected < 5.3.17-48.1fixed 5.3.17-48.1

    Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.

  • CVE-2015-6831HigJan 19, 2016
    affected < 5.3.17-48.1fixed 5.3.17-48.1

    Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during

  • CVE-2015-5590HigJan 19, 2016
    affected < 5.3.17-45.1fixed 5.3.17-45.1

    Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstr