rpm package
suse/php53&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (126)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9675 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Mar 11, 2019 | An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot | ||
| CVE-2019-9641 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | ||
| CVE-2019-9640 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn. | ||
| CVE-2019-9639 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | ||
| CVE-2019-9638 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Mar 8, 2019 | An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | ||
| CVE-2019-9637 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Mar 8, 2019 | An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau | ||
| CVE-2019-9024 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c. | ||
| CVE-2019-9023 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr | ||
| CVE-2019-9021 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi | ||
| CVE-2019-9020 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in | ||
| CVE-2018-20783 | — | < 5.3.17-112.58.1 | 5.3.17-112.58.1 | Feb 21, 2019 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_ | ||
| CVE-2019-6978 | — | < 5.3.17-112.53.1 | 5.3.17-112.53.1 | Jan 28, 2019 | The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | ||
| CVE-2019-6977 | — | < 5.3.17-112.53.1 | 5.3.17-112.53.1 | Jan 27, 2019 | gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker | ||
| CVE-2018-19518 | — | < 5.3.17-112.45.1 | 5.3.17-112.45.1 | Nov 25, 2018 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, wh | ||
| CVE-2018-17082 | — | < 5.3.17-112.41.1 | 5.3.17-112.41.1 | Sep 16, 2018 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache | ||
| CVE-2018-14883 | — | < 5.3.17-112.38.1 | 5.3.17-112.38.1 | Aug 3, 2018 | An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c. | ||
| CVE-2018-14851 | — | < 5.3.17-112.38.1 | 5.3.17-112.38.1 | Aug 2, 2018 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. | ||
| CVE-2017-9118 | — | < 5.3.17-112.38.1 | 5.3.17-112.38.1 | Aug 2, 2018 | PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. | ||
| CVE-2018-12882 | — | < 5.3.17-112.28.1 | 5.3.17-112.28.1 | Jun 26, 2018 | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. | ||
| CVE-2018-10360 | — | < 5.3.17-112.28.1 | 5.3.17-112.28.1 | Jun 11, 2018 | The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file. |
- CVE-2019-9675Mar 11, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot
- CVE-2019-9641Mar 8, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
- CVE-2019-9640Mar 8, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
- CVE-2019-9639Mar 8, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
- CVE-2019-9638Mar 8, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
- CVE-2019-9637Mar 8, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau
- CVE-2019-9024Feb 22, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
- CVE-2019-9023Feb 22, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr
- CVE-2019-9021Feb 22, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi
- CVE-2019-9020Feb 22, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in
- CVE-2018-20783Feb 21, 2019affected < 5.3.17-112.58.1fixed 5.3.17-112.58.1
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_
- CVE-2019-6978Jan 28, 2019affected < 5.3.17-112.53.1fixed 5.3.17-112.53.1
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
- CVE-2019-6977Jan 27, 2019affected < 5.3.17-112.53.1fixed 5.3.17-112.53.1
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker
- CVE-2018-19518Nov 25, 2018affected < 5.3.17-112.45.1fixed 5.3.17-112.45.1
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, wh
- CVE-2018-17082Sep 16, 2018affected < 5.3.17-112.41.1fixed 5.3.17-112.41.1
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache
- CVE-2018-14883Aug 3, 2018affected < 5.3.17-112.38.1fixed 5.3.17-112.38.1
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
- CVE-2018-14851Aug 2, 2018affected < 5.3.17-112.38.1fixed 5.3.17-112.38.1
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.
- CVE-2017-9118Aug 2, 2018affected < 5.3.17-112.38.1fixed 5.3.17-112.38.1
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
- CVE-2018-12882Jun 26, 2018affected < 5.3.17-112.28.1fixed 5.3.17-112.28.1
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
- CVE-2018-10360Jun 11, 2018affected < 5.3.17-112.28.1fixed 5.3.17-112.28.1
The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.
Page 1 of 7