Download
| Alert*
|
oval:org.secpod.oval:def:1200045
php55 is installed oval:org.secpod.oval:def:1600139 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1600035 The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers a large amount of backtracking, as de ... oval:org.secpod.oval:def:1600163 A denial of service flaw was found in the way the File Information extension handled indirect rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU. The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ... oval:org.secpod.oval:def:1600129 A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and ... oval:org.secpod.oval:def:1200121 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w ... oval:org.secpod.oval:def:1600078 acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. ... oval:org.secpod.oval:def:1600071 The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service by triggering many file_printf calls.The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 ... oval:org.secpod.oval:def:1600015 An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash. An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted ... oval:org.secpod.oval:def:1600016 An out-of-bounds read flaw was found in the way the File Information extension parsed Executable and Linkable Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file. oval:org.secpod.oval:def:1600267 A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the afo ... oval:org.secpod.oval:def:504933 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstrea ... oval:org.secpod.oval:def:1200044 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping"s length during processing of an invalid file that begins with a # character and lacks a newline character, whi ... oval:org.secpod.oval:def:1200143 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:1200186 An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened. An integer overflow flaw leading to a heap based buffer overflow was ... oval:org.secpod.oval:def:1200071 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:1200076 A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ... oval:org.secpod.oval:def:1200159 PHP process crashes when processing an invalid file with the "phar" extension. As discussed upstream, mysqlnd is vulnerable to the attack described in https://www.duosecurity.com/blog/backronym-mysql-vulnerability. PHP versions before 5.5.27 and 5.4.43 contain buffer overflow issue oval:org.secpod.oval:def:1600363 The imagerotate function lacked validation of the background color variable, an integer which represents an index of the color palette. A number larger than the length of the color palette could be used in the function, reading beyond the memory of the color palette and causing an information leak. oval:org.secpod.oval:def:1600342 A stack overflow vulnerability was reported that may occur when decompressing tar archives due to phar_tar_writeheaders potentially copying non-terminated linknames from entries parsed by phar_parse_tarfile. oval:org.secpod.oval:def:1200183 Upstream reports that several bugs have been fixed as well as several security issues into some bundled libraries . All PHP 5.5 users are encouraged to upgrade to this version. Please see the upstream release notes for full details. oval:org.secpod.oval:def:1600430 A stack consumption vulnerability in GD in PHP allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. An integer overflow, leading to a heap-based buffer overflow was found in the imagecreatefromgd2 function of PHP"s gd extension. A remote attacker could use this ... oval:org.secpod.oval:def:1600407 The following security-related issues were resolved:Out-of-bounds read in imagescale Integer underflow causing arbitrary null write in fread/gzread The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allow ... oval:org.secpod.oval:def:1200156 As reported upstream, A NULL pointer dereference flaw was found in the way PHP"s Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash. Use after free vulnerability was found in unserialize function. We can create ZVAL and free it via Serializable::unserialize. Ho ... oval:org.secpod.oval:def:1600383 The following security-related issues were resolved:Buffer over-write in finfo_open with malformed magic file Signedness vulnerability causing heap overflow in libgd Integer overflow in php_raw_url_encode Format string vulnerability in php_snmp_error Invalid memory write in phar on filename containi ... |
