rpm package
suse/php7&distro=SUSE Linux Enterprise Module for Web and Scripting 15
pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9022 | — | | | < 7.2.5-4.32.1 | 7.2.5-4.32.1 | Feb 22, 2019 | An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi |
| CVE-2019-9021 | — | | | < 7.2.5-4.32.1 | 7.2.5-4.32.1 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi |
| CVE-2019-9020 | — | | | < 7.2.5-4.32.1 | 7.2.5-4.32.1 | Feb 22, 2019 | An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in |
| CVE-2018-20783 | — | | | < 7.2.5-4.32.1 | 7.2.5-4.32.1 | Feb 21, 2019 | In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_ |
| CVE-2018-19935 | — | | | < 7.2.5-4.32.1 | 7.2.5-4.32.1 | Dec 7, 2018 | ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. |
| CVE-2018-17082 | — | | | < 7.2.5-4.12.2 | 7.2.5-4.12.2 | Sep 16, 2018 | The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache |
| CVE-2018-1000222 | — | | | < 7.2.5-4.9.1 | 7.2.5-4.9.1 | Aug 20, 2018 | Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed |
| CVE-2018-14851 | — | | | < 7.2.5-4.6.1 | 7.2.5-4.6.1 | Aug 2, 2018 | exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. |
| CVE-2017-9120 | — | | | < 7.2.5-4.6.1 | 7.2.5-4.6.1 | Aug 2, 2018 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. |
| CVE-2018-12882 | — | | | < 7.2.5-4.3.1 | 7.2.5-4.3.1 | Jun 26, 2018 | exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. |