Download
| Alert*
oval:org.secpod.oval:def:1600460
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via an unserialize call that references a partially constructed object .ext/mysqlnd/mysqlnd_wireprot ... oval:org.secpod.oval:def:1800722 CVE-2016-7411: A memory corruption error may occur during deserialized object destruction Reference Patch CVE-2016-7412: A heap overflow may occur in the processing of BIT fields in mysqlnd Reference Patch CVE-2016-7413: A use-after-free memory error may occur in wddx_deserialize Reference Patch CVE ... oval:org.secpod.oval:def:76725 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via ... oval:org.secpod.oval:def:111382 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:111381 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1600458 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service or possibly have unspecified other impact via crafted field metadata .Use-after-free vulnerabilit ... oval:org.secpod.oval:def:38495 The host is installed with Apple Mac OS X or Server 10.12.x through 10.12.1 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle apache_mod_php. Successful exploitation may cause an unexpected application termination or arbit ... oval:org.secpod.oval:def:1800536 CVE-2016-7411: A memory corruption error may occur during deserialized object destruction. CVE-2016-7412: A heap overflow may occur in the processing of BIT fields in mysqlnd. CVE-2016-7413: A use-after-free memory error may occur in wddx_deserialize. CVE-2016-7414: An out-of-bounds memory error ... oval:org.secpod.oval:def:97632 [CLSA-2022:1651177943] Fix of 227 CVE oval:org.secpod.oval:def:504906 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php . Security Fix: * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * php: Use after free in wddx_dese ... oval:org.secpod.oval:def:38489 The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ... oval:org.secpod.oval:def:703293 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:37430 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:51512 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:89045388 This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don"t Invoke __wakeup in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed ... oval:org.secpod.oval:def:602641 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.26, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:52811 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. |