VYPR

rpm package

suse/php7-embed&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7

pkg:rpm/suse/php7-embed&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Vulnerabilities (4)

  • CVE-2025-14178Dec 27, 2025
    affected < 7.4.33-150400.4.55.1fixed 7.4.33-150400.4.55.1

    In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in

  • CVE-2025-1735Jul 13, 2025
    affected < 7.4.33-150400.4.51.1fixed 7.4.33-150400.4.51.1

    In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

  • CVE-2025-1220Jul 13, 2025
    affected < 7.4.33-150400.4.51.1fixed 7.4.33-150400.4.51.1

    In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in

  • CVE-2025-6491Jul 13, 2025
    affected < 7.4.33-150400.4.51.1fixed 7.4.33-150400.4.51.1

    In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the