VYPR

rpm package

suse/php7&distro=SUSE Linux Enterprise Server 15 SP1-LTSS

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Vulnerabilities (56)

  • CVE-2019-9638Mar 8, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

  • CVE-2019-9637Mar 8, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unau

  • CVE-2019-9024Feb 22, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.

  • CVE-2019-9023Feb 22, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstr

  • CVE-2019-9022Feb 22, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. Thi

  • CVE-2019-9021Feb 22, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when tryi

  • CVE-2019-9020Feb 22, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in

  • CVE-2018-20783Feb 21, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_

  • CVE-2018-19935Dec 7, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.

  • CVE-2018-17082MedSep 16, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache

  • CVE-2018-1000222HigAug 20, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed

  • CVE-2018-14851MedAug 2, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

  • CVE-2017-9120CriAug 2, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

  • CVE-2018-12882CriJun 26, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.

  • CVE-2015-9253MedFeb 19, 2018
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN st

  • CVE-2017-8923CriMay 12, 2017
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve

Page 3 of 3