Alert

oval:org.secpod.oval:def:702087
The host is missing a security update according to Apple advisory, APPLE-SA-2015-12-08-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ...

oval:org.secpod.oval:def:504897
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Multiple flaws were discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary c ...

oval:org.secpod.oval:def:602255
Two vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. CVE-2015-7803 The phar extension could crash with a NULL pointer dereference when processing tar archives containing links referring to non-existing files. This could lead to a ...

oval:org.secpod.oval:def:76803
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that ...

oval:org.secpod.oval:def:32328
The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.2 and is prone to multiple vulnerabilities in apache_mod_php. The flaws are present in the application, which fails to properly handle a crafted TAR archive. Successful exploitation could allow remote attackers to cause a den ...

oval:org.secpod.oval:def:1200096
As reported upstream, a NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. Ho ...

oval:org.secpod.oval:def:52612
php5: HTML-embedded scripting language interpreter. PHP could be made to crash if it processed a specially crafted file.

oval:org.secpod.oval:def:89045230
This update for php53 fixes the following issues:
- CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter
- CVE-2016-5094, CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows
- CVE-2016-5096: An int/size_t confusion in fre ...

oval:org.secpod.oval:def:89045271
This update for php53 fixes the following issues:
- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM.
- CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have led to crashes [bsc#973351]
- CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could ...

oval:org.secpod.oval:def:702813
php5: HTML-embedded scripting language interpreter. PHP could be made to crash if it processed a specially crafted file.

oval:org.secpod.oval:def:1200156
As reported upstream, a NULL pointer dereference flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. Ho ...