VYPR

rpm package

suse/php7&distro=SUSE Enterprise Storage 7

pkg:rpm/suse/php7&distro=SUSE%20Enterprise%20Storage%207

Vulnerabilities (24)

  • CVE-2020-7070Oct 2, 2020
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t

  • CVE-2020-7069Oct 2, 2020
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

  • CVE-2020-7068Sep 9, 2020
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

  • CVE-2017-8923CriMay 12, 2017
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve

Page 2 of 2