Download
| Alert*
|
oval:org.secpod.oval:def:1600881
Null pointer dereference due to mishandling of ldap_get_dn return value allows denial-of-service by malicious LDAP server or man-in-the-middle attackerAn issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP se ... oval:org.secpod.oval:def:1200121 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w ... oval:org.secpod.oval:def:1600089 A denial of service flaw was found in the way the File Information extension parsed certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.acinclude.m4, as used in the configure script in PHP 5.5.13 ... oval:org.secpod.oval:def:1200066 Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w ... oval:org.secpod.oval:def:1500666 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:108191 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1500734 Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each v ... oval:org.secpod.oval:def:1500742 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rati ... oval:org.secpod.oval:def:601898 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. As announced in DSA 3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerabilities are addressed by upgrading ... oval:org.secpod.oval:def:21009 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-3538 It was discovered that the original fix for CVE-2013-7345 did not sufficien ... oval:org.secpod.oval:def:21010 This update corrects a packaging error for the packages released in DSA-3008-1. The new sessionclean script used in the updated cronjob in /etc/cron.d/php5 was not installed into the php5-common package. No other changes are introduced. For reference, the original advisory text follows. Several vuln ... oval:org.secpod.oval:def:22327 The host is installed with php before 5.4.36, 5.5.x before 5.5.20 or 5.6.x before 5.6.4 and is prone to an use-after-free vulnerability. The flaw is present in the application, which fails to properly handle a crafted unserialize call that leverages improper handling of duplicate keys within the ser ... oval:org.secpod.oval:def:203382 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information extension rules for detec ... oval:org.secpod.oval:def:203389 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:501353 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A denial of service flaw was found in the File Information extension rules for detec ... oval:org.secpod.oval:def:501357 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:114459 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:45546 php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:704073 php7.2: HTML-embedded scripting language interpreter - php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:44739 php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:603627 Multiple vulnerabilities have been discovered in libgd2, a library for programmatic graphics creation and manipulation, which may result in denial of service or potentially the execution of arbitrary code if a malformed file is processed. oval:org.secpod.oval:def:26614 The host is installed with Apple Mac OS X or Server 10.8, 10.9 or before 10.10.5 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted unserialize call that leverages use of the unset function within an __wakeup function. Successful ex ... oval:org.secpod.oval:def:26617 The host is installed with Apple Mac OS X or Server 10.8, 10.9 or before 10.10.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle pipelined HTTP requests. Successful exploitation allow attackers to cause a denial of service (application c ... oval:org.secpod.oval:def:26616 The host is installed with Apple Mac OS X or Server 10.8, 10.9 or before 10.10.5 and is prone to multiple stack-based buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Successful exploit ... oval:org.secpod.oval:def:25776 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1200144 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping"s length during processing of an invalid file that begins with a # character and lacks a newline character, whi ... oval:org.secpod.oval:def:1200143 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:108122 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:26613 The host is installed with Apple Mac OS X or Server 10.8, 10.9 or before 10.10.5 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a crafted length value in conjunction with crafted serialized data in a phar archive. Successful explo ... oval:org.secpod.oval:def:52913 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:108112 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108476 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1200003 A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ... oval:org.secpod.oval:def:108379 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:30886 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted second argument. Successful exploitation could allow attackers to bypass intended extension restrict ... oval:org.secpod.oval:def:53225 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize CVE-2017-11628 Buffer o ... oval:org.secpod.oval:def:107162 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108375 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108449 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1200063 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:52429 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:602132 Multiple vulnerabilities have been discovered in PHP: CVE-2015-4025 / CVE-2015-4026 Multiple function didn"t check for NULL bytes in path names. CVE-2015-4024 Denial of service when processing multipart/form-data requests. CVE-2015-4022 Integer overflow in the ftp_genlist function may result in deni ... oval:org.secpod.oval:def:107103 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:602007 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension . CVE-2014-9705 Buffer overflow in the enchant extension. CVE-2015-0231 Stefan Esser discovered a use-after-free in the unserialisation of objects. CVE-2015 ... oval:org.secpod.oval:def:1501060 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ... oval:org.secpod.oval:def:602002 Hanno Boeck discovered that file"s ELF parser is suspectible to denial of service. oval:org.secpod.oval:def:108430 The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. oval:org.secpod.oval:def:1200059 A heap-based buffer overflow was found in glibc"s __nss_hostname_digits_dots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permi ... oval:org.secpod.oval:def:108587 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:203664 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ... oval:org.secpod.oval:def:1200044 sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping"s length during processing of an invalid file that begins with a # character and lacks a newline character, whi ... oval:org.secpod.oval:def:1200048 A buffer overflow vulnerability was found in PHP"s phar implementation. See https://bugs.php.net/bug.php?id=69324 for more details. A use-after-free flaw was found in PHP"s phar paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memo ... oval:org.secpod.oval:def:108585 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:114334 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:114335 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:203655 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:31533 The host is missing a security update according to Apple advisory, APPLE-SA-2015-10-21-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ... oval:org.secpod.oval:def:603231 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11142 Denial of service via overly long form variables CVE-2017-11143 Invalid free in wddx_deserialize CVE-2017-11144 Denial of service in openssl extension due to incorrect return value ... oval:org.secpod.oval:def:603230 Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language: CVE-2017-11144 Denial of service in openssl extension due to incorrect return value check of OpenSSL sealing function CVE-2017-11145 Out-of-bounds read in wddx_deserialize CVE-2017-11628 Buffer o ... oval:org.secpod.oval:def:108765 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:108766 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:204215 The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws ... oval:org.secpod.oval:def:702466 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1200091 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:31475 The host is installed with Apple Mac OS X or Server 10.6.8 through 10.8.x, 10.9.5, 10.10.5 or 10.11.x before 10.11.1 and is prone to multiple use-after-free vulnerabilities. The flaws are present in the application, which fails to properly handle crafted serialized input containing a (1) R or (2) r ... oval:org.secpod.oval:def:501820 The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: * Multiple flaws we ... oval:org.secpod.oval:def:1200084 The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. The ELF parser in file before 5.21 allows remote attackers to cause a denial of service via a large number of program or section headers or invalid capabilities. It was rep ... oval:org.secpod.oval:def:52408 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1501042 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:1200071 A use-after-free flaw was found in the way PHP"s unserialize function processed data. If a remote attacker was able to pass crafted input to PHP"s unserialize function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code. An integer overflow flaw, leading to a heap-bas ... oval:org.secpod.oval:def:501713 The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws ... oval:org.secpod.oval:def:1200076 A use-after-free flaw was found in PHP"s OPcache extension. This flaw could possibly lead to a disclosure of portion of server memory. A NULL pointer dereference flaw was found in PHP"s pgsql extension. A specially crafted table name passed to function as pg_insert or pg_select could cause a PHP app ... oval:org.secpod.oval:def:702420 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:30880 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to an uninitialized pointer free vulnerability. A flaw is present in the application, which fails to properly handle a crafted EXIF data in a JPEG image. Successful exploitation could allow attackers to execute arbi ... oval:org.secpod.oval:def:30875 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails to properly process an invalid file that begins with a # character and lacks a newline character. Successful exploitation cou ... oval:org.secpod.oval:def:30876 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to an out-of-bounds memory access vulnerability. A flaw is present in the application, which fails to properly handle a crafted file. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:30877 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger creation of multiple dictionaries. Successful exploitation could allow attacke ... oval:org.secpod.oval:def:30879 The host is installed with Apple Mac OS X or Server 10.6.8 before 10.11 and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a crafted unserialize call. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:1501460 The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Security Fix: * Multiple flaws wer ... oval:org.secpod.oval:def:501581 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, ... oval:org.secpod.oval:def:703979 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:501590 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP"s Exif ex ... oval:org.secpod.oval:def:1501240 The remote host is missing a patch containing a security fix, which affects the following package(s): file oval:org.secpod.oval:def:30961 The host is missing a security update according to Apple advisory, APPLE-SA-2015-09-30-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code, dis ... oval:org.secpod.oval:def:702513 php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901688 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. oval:org.secpod.oval:def:704911 php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive informa ... oval:org.secpod.oval:def:1600972 ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service via an empty string in the message argument to the imap_mail function.University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open in PHP and other products, launches an rsh command ... oval:org.secpod.oval:def:603587 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a Transfer-Encoding: chu ... oval:org.secpod.oval:def:704318 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:47530 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1901698 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. oval:org.secpod.oval:def:25312 The host is missing a security update according to Apple advisory, APPLE-SA-2015-06-30-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation leads to information disclosure, security bypas ... oval:org.secpod.oval:def:54514 php5: HTML-embedded scripting language interpreter Details: USN-3922-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Linux Mint 17.x LTS. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to access sensitive info ... oval:org.secpod.oval:def:1901711 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. oval:org.secpod.oval:def:1901713 An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to acce ... oval:org.secpod.oval:def:53954 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:53476 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language: The EXIF module was susceptible to denial of service/information disclosure when parsing malformed images, the Apache module allowed cross-site-scripting via the body of a "Transfer-Encodin ... oval:org.secpod.oval:def:1600916 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP 7.2.x before 7.2.8 allows remote attackers to cause a denial of service via a crafted JPEG file.exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free because it closes a stream that it ... oval:org.secpod.oval:def:1600913 exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20, allows remote attackers to cause a denial of service via a crafted JPEG file.An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, and 7.1.x before 7.1.20. An Integer Ov ... oval:org.secpod.oval:def:704846 php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:115125 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:115128 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:116245 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1600938 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c oval:org.secpod.oval:def:116119 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:116117 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:116238 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:26707 The host is missing a security update according to Apple advisory, APPLE-SA-2015-08-13-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation may lead to an unexpected application terminati ... oval:org.secpod.oval:def:704125 file: Tool to determine file types Several security issues were fixed in file. oval:org.secpod.oval:def:602573 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.24, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:501893 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ... oval:org.secpod.oval:def:602487 Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The vulnerabilities are addressed by upgrading PHP to the new upstream version 5.6.20, which includes additional bug fixes. Please refer to the upstream changelog for more i ... oval:org.secpod.oval:def:36685 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:36684 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:703219 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1501634 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ... oval:org.secpod.oval:def:34860 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:34617 The host is installed with Apple Mac OS X or Server 10.11.x before 10.11.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to cause unspecified impact. oval:org.secpod.oval:def:34616 The host is missing a security update according to Apple advisory, APPLE-SA-2016-05-16-4. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation could allow remote attackers to caus ... oval:org.secpod.oval:def:204128 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * A flaw was found in the way certain error conditions were handled by bzread function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vuln ... oval:org.secpod.oval:def:1600383 The following security-related issues were resolved:Buffer over-write in finfo_open with malformed magic file Signedness vulnerability causing heap overflow in libgd Integer overflow in php_raw_url_encode Format string vulnerability in php_snmp_error Invalid memory write in phar on filename containi ... |
