rpm package
suse/php7&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/php7&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7070 | — | < 7.4.33-150200.3.46.2 | 7.4.33-150200.3.46.2 | Oct 2, 2020 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t | ||
| CVE-2020-7069 | — | < 7.4.33-150200.3.46.2 | 7.4.33-150200.3.46.2 | Oct 2, 2020 | In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | ||
| CVE-2020-7068 | — | < 7.4.33-150200.3.46.2 | 7.4.33-150200.3.46.2 | Sep 9, 2020 | In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. | ||
| CVE-2017-8923 | Cri | 9.8 | < 7.4.33-150200.3.46.2 | 7.4.33-150200.3.46.2 | May 12, 2017 | The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve |
- CVE-2020-7070Oct 2, 2020affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t
- CVE-2020-7069Oct 2, 2020affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
- CVE-2020-7068Sep 9, 2020affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
- affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve
Page 2 of 2