rpm package
suse/php72&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/php72&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7059 | — | | | < 7.2.5-1.37.1 | 7.2.5-1.37.1 | Feb 10, 2020 | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or cr |
| CVE-2019-20433 | — | | | < 7.2.5-1.37.1 | 7.2.5-1.37.1 | Jan 27, 2020 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. |
| CVE-2019-11050 | — | | | < 7.2.5-1.32.1 | 7.2.5-1.32.1 | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf |
| CVE-2019-11047 | — | | | < 7.2.5-1.32.1 | 7.2.5-1.32.1 | Dec 23, 2019 | When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to inf |
| CVE-2019-11046 | — | | | < 7.2.5-1.32.1 | 7.2.5-1.32.1 | Dec 23, 2019 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS b |
| CVE-2019-11045 | — | | | < 7.2.5-1.32.1 | 7.2.5-1.32.1 | Dec 23, 2019 | In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is all |
| CVE-2019-11043 | — | | KEV | < 7.2.5-1.29.1 | 7.2.5-1.29.1 | Oct 28, 2019 | In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code exec |
| CVE-2015-9253 | — | | | < 7.2.5-1.75.1 | 7.2.5-1.75.1 | Feb 19, 2018 | An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN st |
| CVE-2017-8923 | Cri | 9.8 | | < 7.2.5-1.75.1 | 7.2.5-1.75.1 | May 12, 2017 | The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leve |