VYPR

rpm package

suse/php7&distro=SUSE Linux Enterprise Module for Package Hub 15 SP1

pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP1

Vulnerabilities (4)

  • CVE-2020-7070Oct 2, 2020
    affected < 7.2.5-4.67.2fixed 7.2.5-4.67.2

    In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading t

  • CVE-2020-7069Oct 2, 2020
    affected < 7.2.5-4.67.2fixed 7.2.5-4.67.2

    In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.

  • CVE-2020-7068Sep 9, 2020
    affected < 7.2.5-4.61.1fixed 7.2.5-4.61.1

    In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

  • CVE-2019-11048May 20, 2020
    affected < 7.2.5-4.58.2fixed 7.2.5-4.58.2

    In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request