VYPR

rpm package

suse/php7&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Vulnerabilities (27)

  • CVE-2021-21704MedOct 4, 2021
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid respon

  • CVE-2021-21702MedFeb 15, 2021
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

  • CVE-2020-7071MedFeb 15, 2021
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL

  • CVE-2020-7070MedOct 2, 2020
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t

  • CVE-2020-7069MedOct 2, 2020
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

  • CVE-2020-7068MedSep 9, 2020
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

  • CVE-2017-8923CriMay 12, 2017
    affected < 7.4.33-150200.3.46.2fixed 7.4.33-150200.3.46.2

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve

Page 2 of 2