VYPR

rpm package

suse/php7&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP1

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Vulnerabilities (56)

  • CVE-2020-7064MedApr 1, 2020
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or c

  • CVE-2020-7063MedFeb 27, 2020
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more re

  • CVE-2020-7062HigFeb 27, 2020
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to cle

  • CVE-2020-7060MedFeb 10, 2020
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to

  • CVE-2020-7059MedFeb 10, 2020
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr

  • CVE-2019-11050MedDec 23, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf

  • CVE-2019-11047MedDec 23, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf

  • CVE-2019-11046LowDec 23, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS b

  • CVE-2019-11045LowDec 23, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all

  • CVE-2019-11043HigKEVOct 28, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec

  • CVE-2019-11042HigAug 9, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11041HigAug 9, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11040CriJun 19, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may

  • CVE-2019-11039CriJun 19, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.

  • CVE-2019-11036CriMay 3, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

  • CVE-2019-11035CriApr 18, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.

  • CVE-2019-11034CriApr 18, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.

  • CVE-2019-9675HigMar 11, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer overflow via a long link value. NOTE: The vendor indicates that the link value is used only when an archive contains a symlink, which currently cannot

  • CVE-2019-9641CriMar 9, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

  • CVE-2019-9640HigMar 9, 2019
    affected < 7.2.34-150000.4.103.1fixed 7.2.34-150000.4.103.1

    An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.