Download
| Alert*
|
oval:org.secpod.oval:def:89043998
This update for php53 fixes the following issues: Security issue fixed: - CVE-2018-19518: Fixed imap_open script injection flaw . oval:org.secpod.oval:def:202273 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ... oval:org.secpod.oval:def:89044727 This update for php53 fixes the following issues: - The fix for CVE-2017-7272 was reverted, as it caused regressions in the mysql server connect module. [bsc#1044976] The security fix tried to avoid a server side request forgery, and will be submitted when a better fix becomes available. oval:org.secpod.oval:def:89044653 This update for php53 fixes the following issues: * CVE-2014-9912: Stack-based buffer overflow in uloc_getDisplayName [bsc#1012232] * CVE-2016-9933: Possible stack overflow on truecolor images handling [bsc#1015187] * CVE-2016-9934: Dereference from NULL pointer could lead to crash [bsc#1015188] * C ... oval:org.secpod.oval:def:89003051 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-6977: Fixed a heap-based buffer overflow the GD Graphics Library used in the imagecolormatch function . - CVE-2019-6978: Fixed a double free in the gdImage*Ptr functions . oval:org.secpod.oval:def:89002109 This update for php53 fixes the following issues: Security issues fixed: - CVE-2018-10545: Fix access controls in FPM child processes . - CVE-2018-10547: Fix Reflected XSS on the PHAR 403 and 404 error pages . - CVE-2018-10546: Fix an infinite loop exists in ext/iconv/iconv.c . - CVE-2018-10548: Fix ... oval:org.secpod.oval:def:203058 php53 is installed oval:org.secpod.oval:def:202249 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, exec ... oval:org.secpod.oval:def:201512 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker"s input in a numeric context, the PHP interpreter could cause hi ... oval:org.secpod.oval:def:500755 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that the hashing routine used by PHP arrays was susceptible to predictable hash collisions. If an HTTP POST request to a PHP application contained many parameters whose names map to the same hash value ... oval:org.secpod.oval:def:500757 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the fix for CVE-2011-4885 introduced an uninitialized memory use flaw. A remote attacker could send a specially- crafted HTTP request to cause the PHP interpreter to crash or, possibly, exec ... oval:org.secpod.oval:def:202928 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:1500236 Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fr ... oval:org.secpod.oval:def:501401 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information ext ... oval:org.secpod.oval:def:203390 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:203473 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ... oval:org.secpod.oval:def:1500737 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity rati ... oval:org.secpod.oval:def:203461 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information exte ... oval:org.secpod.oval:def:500257 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker"s input in a numeric context, the PHP interpreter could cause hi ... oval:org.secpod.oval:def:501357 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP"s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. Multiple denial of service flaws were found in the way the File Information extensio ... oval:org.secpod.oval:def:1500792 Updated php53 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for eac ... oval:org.secpod.oval:def:1500670 Updated php53 and php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed sev ... oval:org.secpod.oval:def:501438 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail function to crash or, possibly, execute arbitrary code with the p ... oval:org.secpod.oval:def:200226 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker"s input in a numeric context, the PHP interpreter could cause hi ... oval:org.secpod.oval:def:501078 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xml_parse_into_struct function to parse untrusted XML content, an attacker able to supply specially- ... oval:org.secpod.oval:def:89002133 This update for php53 fixes the following issues: Security issues fixed: - CVE-2017-16642: Fix timelib_meridian error that could be used to leak information from the interpreter . - CVE-2017-9228: Fix heap out-of-bounds write that occurs in bitset_set_range during regex compilation . - CVE-2017-9229 ... oval:org.secpod.oval:def:501163 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:89045146 This update for php53 fixes the following issues: - CVE-2016-8670: Stack Buffer Overflow in GD dynamicGetbuf - CVE-2016-6911: Check for out-of-bound read in dynamicGetbuf oval:org.secpod.oval:def:1500244 Updated php53 packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give ... oval:org.secpod.oval:def:202999 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certifi ... oval:org.secpod.oval:def:1500328 Updated php53 and php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed sever ... oval:org.secpod.oval:def:501110 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access res ... oval:org.secpod.oval:def:500010 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ... oval:org.secpod.oval:def:200227 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ... oval:org.secpod.oval:def:200628 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on ... oval:org.secpod.oval:def:89003306 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-9637: Fixed improper implementation of rename function and multiple invalid memory access in EXIF extension . - CVE-2019-9675: Fixed improper implementation of rename function and multiple invalid memory access in EX ... oval:org.secpod.oval:def:89044777 This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used the p ... oval:org.secpod.oval:def:89002363 This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. - CVE-2018-14883: Fixed ... oval:org.secpod.oval:def:89002047 This update for php53 fixes the following issues: The following security issue was fixed: - An out-of-bounds read in the do_core_note function in readelf.c in libmagic.a allowed remote attackers to cause a denial of service via a crafted ELF file - CVE-2018-12882: exif_read_from_impl allowed attack ... oval:org.secpod.oval:def:89002566 This update for php53 fixes the following issue: - CVE-2018-17082: The Apache2 component in PHP allowed XSS via the body of a quot;Transfer-Encoding: chunkedquot; request, because the bucket brigade was mishandled in the php_handler function oval:org.secpod.oval:def:89003087 This update for php53 fixes the following issues: Security issues fixed: - CVE-2019-11038: Fixed a information disclosure in gdImageCreateFromXbm . - CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail . - CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment . oval:org.secpod.oval:def:89045388 This update for php53 fixes the following security issues: * CVE-2016-7124: Create an Unexpected Object and Don"t Invoke __wakeup in Deserialization * CVE-2016-7125: PHP Session Data Injection Vulnerability * CVE-2016-7126: select_colors write out-of-bounds * CVE-2016-7127: imagegammacorrect allowed ... oval:org.secpod.oval:def:89045336 This update for php53 fixes the following issues: - security update: * CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 [bsc#987530] * CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener [bsc#991426] * CVE-2016-6291: Out-of-bounds acces ... oval:org.secpod.oval:def:89045325 php53 was updated to fix five security issues. These security issues were fixed: - CVE-2016-5769: mcrypt: Heap Overflow due to integer overflows . - CVE-2015-8935: XSS in header with Internet Explorer . - CVE-2016-5772: Double Free Courruption in wddx_deserialize . - CVE-2016-5766: Integer Overflow ... oval:org.secpod.oval:def:89045244 This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut - CVE-2015-8867: The PHP function openssl_random_pseudo_bytes d ... oval:org.secpod.oval:def:89045230 This update for php53 fixes the following issues: - CVE-2016-5093: A get_icu_value_internal out-of-bounds read could crash the php interpreter - CVE-2016-5094,CVE-2016-5095: Don"t allow creating strings with lengths outside int range, avoids overflows - CVE-2016-5096: A int/size_t confusion in fre ... oval:org.secpod.oval:def:89045271 This update for php53 fixes the following issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM . - CVE-2015-8835: SoapClient s_call method suffered from a type confusion issue that could have lead to crashes [bsc#973351] - CVE-2016-2554: A NULL pointer dereference in phar_get_fp_offset could ... oval:org.secpod.oval:def:500797 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:500841 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... oval:org.secpod.oval:def:202334 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the php-cgi executable processed command line arguments when running in CGI mode. A remote attacker could send a specially-crafted request to a PHP script that would result in the query ... oval:org.secpod.oval:def:202366 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user runn ... |
