oval:org.secpod.oval:def:1600881
Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attacker. An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP se ...

oval:org.secpod.oval:def:463
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in ext/shmop/shmop.c, which fails to handle overly long arguments passed to shmop_read() function. Successful exploitation could allow remote attackers to execute arbitrary code or cause a denial of serv ...

oval:org.secpod.oval:def:587
The host is installed with PHP and is prone to denial of service vulnerability on Windows. The flaw is present in _zip_name_locate function in zip_name_locate.c in the Zip extension, which fails to handle a ZIPARCHIVE::FL_UNCHANGED argument

oval:org.secpod.oval:def:462
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in ext/shmop/shmop.c, which fails to handle overly long arguments passed to shmop_read() function. Successful exploitation could allow remote attackers to execute arbitrary code or cause a denial of serv ...

oval:org.secpod.oval:def:58
The host is installed with PHP and is prone to use-after-free vulnerability. A flaw is present in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 where objects that are unreferenced by __set, __get, __isset, and __unset methods are freed early, which leads to heap memory corruption. Succ ...

oval:org.secpod.oval:def:57
The host is installed with PHP and is prone to vulnerability. A flaw is present in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 where the function skips the headers that are unrecognized by the iconv and mbstring implementations. Successful exploitation allows at ...

oval:org.secpod.oval:def:202259
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ...

oval:org.secpod.oval:def:76
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in the mt_rand function in PHP before 5.3.4, which always returns PRN - a number less than 0 whenever min is set to 0 and max is set to anything greater than the mt_ version. Successful exploitation a ...

oval:org.secpod.oval:def:75
The host is installed with PHP and is prone to race condition vulnerability. A flaw is present in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler has been defined and many concurrent signals are being delivered to it through ext/pcntl leading to a race condition. Succe ...

oval:org.secpod.oval:def:74
The host is installed with PHP and is prone to security bypass vulnerability. A flaw is present in the extract function in PHP before 5.2.15, which overwrites $GLOBALS and $this when using EXTR_OVERWRITE. Successful exploitation allows context-dependent attackers to bypass intended access restric ...

oval:org.secpod.oval:def:73
The host is installed with PHP and is prone to security bypass vulnerability. A flaw is present in the Standard PHP Library (SPL) extension in PHP before 5.3.4, which fails to properly detect symbolic links, i.e. the SplFileInfo::getType() for Symbolic link returns "dir" which in turn should retu ...

oval:org.secpod.oval:def:539
The host is installed with PHP and is prone to integer overflow vulnerability. A flaw is present in the numfmt_get_symbol function, which fails to handle invalid arguments. Successful exploitation could allow remote attacker to cause denial of service.

oval:org.secpod.oval:def:590
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is caused due to integer overflow in the SdnToJulian function in the Calendar extension in PHP. Successful exploitation could allow remote attackers to cause a denial of service via a large integer in the first ...

oval:org.secpod.oval:def:596
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is present in exif.c in the Exif extension in PHP on 64-bit platforms, which performs an incorrect cast

oval:org.secpod.oval:def:595
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is present in substr_replace() function, which makes the PHP to use the same pointer in three variables inside the function so when the pointer is changed by a type conversion inside the function, it invalids th ...

oval:org.secpod.oval:def:592
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is due to an unspecified vulnerability in the Streams component. Successful exploitation could allow remote attackers to cause a denial of service by accessing an ftp:// URL during use of an HTTP proxy with the FTP ...

oval:org.secpod.oval:def:591
The host is installed with PHP and is prone to denial of service vulnerability on Windows. The flaw is due to memory leaks while using openssl_decrypt and openssl_encrypt functions. Successful exploitation could allow remote attackers to cause a denial of service

oval:org.secpod.oval:def:593
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is present in stream_get_contents function, which fails to handle ziparchive stream. Successful exploitation could allow remote attackers to cause a denial of service via a ziparchive stream.

oval:org.secpod.oval:def:589
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is due to an unspecified vulnerability in NumberFormatter::setSymbol in the Intl extension in PHP. Successful exploitation could allow remote attackers to cause a denial of service via an invalid argument

oval:org.secpod.oval:def:588
The host is installed with PHP and is prone to Denial of Service vulnerability. The flaw is due to a buffer overflow in the strval function, when the precision configuration option has a large value. Successful exploitation could allow remote attackers to cause a denial of service via a small numerical valu ...

oval:org.secpod.oval:def:1350
The host is installed with PHP and is prone to security bypass vulnerability. A flaw is present in SAPI_POST_HANDLER_FUNC() in rfc1867.c, which fails to filter user-supplied file path names when filling the $_FILES[] array. Successful exploitation could allow remote attackers to submit a specially c ...

oval:org.secpod.oval:def:594
The host is installed with PHP and is prone to denial of service vulnerability on Windows. The flaw is caused due to integer signedness error in zip_stream.c in the Zip extension. Successful exploitation could allow remote attackers to cause a denial of service via a malformed archive file that trig ...

oval:org.secpod.oval:def:600214
Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system. When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would ...

oval:org.secpod.oval:def:600730
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2011-1072 It was discovered that insecure handling of temporary files in the PEAR installer could lead to denial of service. CVE-2011- ...

oval:org.secpod.oval:def:500742
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ...

oval:org.secpod.oval:def:500023
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause hi ...

oval:org.secpod.oval:def:45546
php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:704073
php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:114459
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:603627
Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed.

oval:org.secpod.oval:def:1500320
Updated php packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detai ...

oval:org.secpod.oval:def:501134
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ...

oval:org.secpod.oval:def:59
The host is installed with PHP and is prone to use-after-free vulnerability. A flaw is present in PHP before 5.3.4 which allows a NULL byte injection where anything after a null byte in a string is truncated. Successful exploitation allows an attacker to bypass intended access restrictions by placin ...

oval:org.secpod.oval:def:52913
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:203220
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such inpu ...

oval:org.secpod.oval:def:53225
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize CVE-2017-11628 Buffer o ...

oval:org.secpod.oval:def:501208
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such inpu ...

oval:org.secpod.oval:def:109133
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:1500403
Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for e ...

oval:org.secpod.oval:def:109159
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:501581
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...

oval:org.secpod.oval:def:703979
php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:114334
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:114335
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:203655
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ...

oval:org.secpod.oval:def:603231
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142 Denial of service via overly long form variables CVE-2017-11143 Invalid free in wddx_deserialize CVE-2017-11144 Denial of service in openssl extension due to incorrect return value ...

oval:org.secpod.oval:def:603230
Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize CVE-2017-11628 Buffer o ...

oval:org.secpod.oval:def:201698
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variab ...

oval:org.secpod.oval:def:600574
Several vulnerabilities were discovered in PHP, which could lead to denial of service or potentially the execution of arbitrary code. CVE-2010-2531 An information leak was found in the var_export function. CVE-2011-0421 The Zip module could crash. CVE-2011-0708 An integer overflow was discovered in ...

oval:org.secpod.oval:def:201847
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variab ...

oval:org.secpod.oval:def:500471
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variab ...

oval:org.secpod.oval:def:202156
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to cra ...

oval:org.secpod.oval:def:500602
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to cra ...

oval:org.secpod.oval:def:202111
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to cra ...

oval:org.secpod.oval:def:1901711
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.

oval:org.secpod.oval:def:1901713
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that the file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ...

oval:org.secpod.oval:def:53954
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1901688
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.

oval:org.secpod.oval:def:704911
php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive informa ...

oval:org.secpod.oval:def:603587
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a Transfer-Encoding: chu ...

oval:org.secpod.oval:def:1600916
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service via a crafted JPEG file. exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free because it closes a stream that it ...

oval:org.secpod.oval:def:1600913
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service via a crafted JPEG file. An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Ov ...

oval:org.secpod.oval:def:704846
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:115125
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:115128
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ...

oval:org.secpod.oval:def:704318
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:47530
php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP.

oval:org.secpod.oval:def:1901698
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.

oval:org.secpod.oval:def:1600938
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c

oval:org.secpod.oval:def:54514
php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Linux Mint 17.x LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive info ...

oval:org.secpod.oval:def:201786
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP's exif extension. A specially-crafted image file could cause the PHP interpreter to crash or, possibly, disclose portions of its memory when a PH ...

oval:org.secpod.oval:def:500486
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP's exif extension. A specially-crafted image file could cause the PHP interpreter to crash or, possibly, disclose portions of its memory when a PH ...

oval:org.secpod.oval:def:201764
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Multiple missing input sanitization flaws were discovered in PHP's exif extension. A specially-crafted image file could cause the PHP interpreter to crash or, possibly, disclose portions of its memory when a PH ...

oval:org.secpod.oval:def:500010
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ...

CVE    50
CVE-2007-0988
CVE-2011-0755
CVE-2011-0754
CVE-2011-0753
...
*CPE
cpe:/a:php:php:4.1.3

© SecPod Technologies