| Alert* | Description |
|---|---|
| oval:org.secpod.oval:def:2101281 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. |
| oval:org.secpod.oval:def:89044653 | This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * C ... |
| oval:org.secpod.oval:def:39603 | The host is installed with Apple Mac OS X or Server 10.12.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an empty boolean element. Successful exploitation could allow attackers to crash the service. |
| oval:org.secpod.oval:def:1600498 | The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an object, which allows remote attackers to execute arbitrary code or cause a denial of service via crafted serialized data. Use-after-free vulnerability in the CURLFile impl ... |
| oval:org.secpod.oval:def:602699 | Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.29, which includes additional bug fixes. Please refer to the upstream changelog for more i ... |
| oval:org.secpod.oval:def:76715 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. |
| oval:org.secpod.oval:def:39033 | php5: HTML-embedded scripting language interpreter. Several security issues were fixed in PHP. |
| oval:org.secpod.oval:def:51730 | php7.0: HTML-embedded scripting language interpreter. Several security issues were fixed in PHP. |
| oval:org.secpod.oval:def:703466 | php5: HTML-embedded scripting language interpreter. Several security issues were fixed in PHP. |
| oval:org.secpod.oval:def:703488 | php7.0: HTML-embedded scripting language interpreter. Several security issues were fixed in PHP. |
| oval:org.secpod.oval:def:1600497 | A vulnerability was found in gd. Integer underflow in a calculation in dynamicGetbuf was incorrectly handled, leading in some circumstances to an out of bounds write through a very large argument to memcpy. An attacker could create a crafted image that would lead to a crash or, potentially, code exe ... |
| oval:org.secpod.oval:def:52834 | php5: HTML-embedded scripting language interpreter. Several security issues were fixed in PHP. |
| oval:org.secpod.oval:def:504906 | PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php. Security Fix: * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * php: Use after free in wddx_dese ... |
| oval:org.secpod.oval:def:39718 | The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |