VuXML ID | Description |
3d675519-5654-11e5-9ad8-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
- Fixed bug #70219 (Use after free vulnerability in session deserializer).
- EXIF:
- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
- hash:
- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
- PCRE:
- Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
- SOAP:
- Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- SPL:
- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
- Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
- XSLT:
- Fixed bug #69782 (NULL pointer dereference).
- ZIP:
- Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
Discovery 2015-09-03 Entry 2015-09-08 Modified 2015-09-08 php5
php5-soap
php5-xsl
< 5.4.45
php55
php55-soap
php55-xsl
< 5.5.29
php56
php56-soap
php56-xsl
< 5.6.13
http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
|
6b771fe2-b84e-11e5-92f9-485d605f4717 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
- GD:
- Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
Index Out of Bounds).
- SOAP:
- Fixed bug #70900 (SoapClient systematic out of memory error).
- Wddx
- Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
Deserialization).
- Fixed bug #70741 (Session WDDX Packet Deserialization Type
Confusion Vulnerability).
- XMLRPC:
- Fixed bug #70728 (Type Confusion Vulnerability in
PHP_to_XMLRPC_worker()).
Discovery 2016-01-07 Entry 2016-01-11 php55
php55-gd
php55-wddx
php55-xmlrpc
< 5.5.31
php56
php56-gd
php56-soap
php56-wddx
php56-xmlrpc
< 5.6.17
http://www.php.net/ChangeLog-5.php#5.5.31
http://www.php.net/ChangeLog-5.php#5.6.17
|
6b110175-246d-11e6-8dd3-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
- Core:
- Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
- Fixed bug #72135 (Integer Overflow in php_html_entities).
(CVE-2016-5094) (PHP 5.5/5.6 only)
- GD:
- Fixed bug #72227 (imagescale out-of-bounds read).
(CVE-2013-7456)
- Intl:
- Fixed bug #72241 (get_icu_value_internal out-of-bounds read).
(CVE-2016-5093)
- Phar:
- Fixed bug #71331 (Uninitialized pointer in
phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)
Discovery 2016-05-26 Entry 2016-05-28 php70-gd
php70-intl
< 7.0.7
php56
php56-gd
< 5.6.22
php55
php55-gd
php55-phar
< 5.5.36
CVE-2016-5096
CVE-2016-5094
CVE-2013-7456
CVE-2016-5093
CVE-2016-4343
ports/209779
http://php.net/ChangeLog-7.php#7.0.7
http://php.net/ChangeLog-5.php#5.6.22
http://php.net/ChangeLog-5.php#5.5.36
|
31de2e13-00d2-11e5-a072-d050996490d0 | php -- multiple vulnerabilities
PHP development team reports:
Fixed bug #69364 (PHP Multipart/form-data remote DoS
Vulnerability). (CVE-2015-4024)
Fixed bug #69418 (CVE-2006-7243 fix regressions in
5.4+). (CVE-2015-4025)
Fixed bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow). (CVE-2015-4022)
Fixed bug #68598 (pcntl_exec() should not allow null
char). (CVE-2015-4026)
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile
when entry filename starts with null). (CVE-2015-4021)
Discovery 2015-05-14 Entry 2015-05-22 php5
< 5.4.41
php55
< 5.5.25
php56
< 5.6.9
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
https://php.net/ChangeLog-5.php#5.6.9
|
787ef75e-44da-11e5-93ad-002590263bf5 | php5 -- multiple vulnerabilities
The PHP project reports:
Core:
- Fixed bug #69793 (Remotely triggerable stack exhaustion via
recursive method calls).
- Fixed bug #70121 (unserialize() could lead to unexpected methods
execution / NULL pointer deref).
OpenSSL:
- Fixed bug #70014 (openssl_random_pseudo_bytes() is not
cryptographically secure).
Phar:
- Improved fix for bug #69441.
- Fixed bug #70019 (Files extracted from archive may be placed
outside of destination directory).
SOAP:
- Fixed bug #70081 (SoapClient info leak / null pointer
dereference via multiple type confusions).
SPL:
- Fixed bug #70068 (Dangling pointer in the unserialization of
ArrayObject items).
- Fixed bug #70166 (Use After Free Vulnerability in unserialize()
with SPLArrayObject).
- Fixed bug #70168 (Use After Free Vulnerability in unserialize()
with SplObjectStorage).
- Fixed bug #70169 (Use After Free Vulnerability in unserialize()
with SplDoublyLinkedList).
Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08 php5
php5-openssl
php5-phar
php5-soap
< 5.4.44
php55
php55-openssl
php55-phar
php55-soap
< 5.5.28
php56
php56-openssl
php56-phar
php56-soap
< 5.6.12
http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
|
5a1d5d74-29a0-11e5-86ff-14dae9d210b8 | php -- arbitrary code execution
cmb reports:
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and the
value of the environment variable ENV will be subsituted.
Discovery 2015-06-07 Entry 2015-07-13 php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69768
|
af7fbd91-29a1-11e5-86ff-14dae9d210b8 | php -- use-after-free vulnerability
Symeon Paraschoudis reports:
Use-after-free vulnerability in spl_recursive_it_move_forward_ex()
Discovery 2015-06-30 Entry 2015-07-13 php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69970
|
66d77c58-3b1d-11e6-8e82-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
Please reference CVE/URL list for details
Discovery 2016-06-23 Entry 2016-06-25 php55
php55-gd
php55-mbstring
php55-wddx
php55-zip
< 5.5.37
php56
php56-gd
php56-mbstring
php56-phar
php56-wddx
php56-zip
< 5.6.23
php70
php70-gd
php70-mbstring
php70-phar
php70-wddx
php70-zip
< 7.0.8
CVE-2015-8874
CVE-2016-5766
CVE-2016-5767
CVE-2016-5768
CVE-2016-5769
CVE-2016-5770
CVE-2016-5771
CVE-2016-5772
CVE-2016-5773
ports/210491
ports/210502
http://php.net/ChangeLog-5.php#5.5.37
http://php.net/ChangeLog-5.php#5.6.23
http://php.net/ChangeLog-7.php#7.0.8
|
482d40cb-f9a3-11e5-92ce-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
- Fileinfo:
- Fixed bug #71527 (Buffer over-write in finfo_open with
malformed magic file).
- mbstring:
- Fixed bug #71906 (AddressSanitizer: negative-size-param (-1)
in mbfl_strcut).
- Phar:
- Fixed bug #71860 (Invalid memory write in phar on filename with
\0 in name).
- SNMP:
- Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
- Standard:
- Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
Discovery 2016-03-31 Entry 2016-04-03 php70
php70-fileinfo
php70-mbstring
php70-phar
php70-snmp
< 7.0.5
php56
php56-fileinfo
php56-mbstring
php56-phar
php56-snmp
< 5.6.20
php55
php55-fileinfo
php55-mbstring
php55-phar
php55-snmp
< 5.5.34
ports/208465
http://php.net/ChangeLog-7.php#7.0.5
http://php.net/ChangeLog-5.php#5.6.20
http://php.net/ChangeLog-5.php#5.5.34
|
5764c634-10d2-11e6-94fa-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
- BCMath:
- Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition).
- Exif:
- Fixed bug #72094 (Out of bounds heap read access in exif header
processing).
- GD:
- Fixed bug #71912 (libgd: signedness vulnerability).
(CVE-2016-3074)
- Intl:
- Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos
with negative offset).
- XML:
- Fixed bug #72099 (xml_parse_into_struct segmentation fault).
Discovery 2016-04-28 Entry 2016-05-03 php70
php70-bcmath
php70-exif
php70-gd
php70-xml
< 7.0.6
php56
php56-bcmath
php56-exif
php56-gd
php56-xml
< 5.6.21
php55
php55-bcmath
php55-exif
php55-gd
php55-xml
< 5.5.35
CVE-2016-3074
ports/209145
http://www.php.net/ChangeLog-7.php#7.0.6
http://www.php.net/ChangeLog-5.php#5.6.21
http://www.php.net/ChangeLog-5.php#5.5.35
|
b6402385-533b-11e6-a7bd-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
Fixed bug #72519 (imagegif/output out-of-bounds access).
Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).
Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
Fixed bug #72541 (size_t overflow lead to heap corruption).
Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).
Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).
Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
Fixed bug #72613 (Inadequate error handling in bzread()).
Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
Discovery 2016-07-21 Entry 2016-07-26 php55
< 5.5.38
php56
< 5.6.24
php70
< 7.0.9
php70-curl
< 7.0.9
php55-bz2
< 5.5.38
php56-bz2
< 5.6.24
php70-bz2
< 7.0.9
php55-exif
< 5.5.38
php56-exif
< 5.6.24
php70-exif
< 7.0.9
php55-gd
< 5.5.38
php56-gd
< 5.6.24
php70-gd
< 7.0.9
php70-mcrypt
< 7.0.9
php55-odbc
< 5.5.38
php56-odbc
< 5.6.24
php70-odbc
< 7.0.9
php55-snmp
< 5.5.38
php56-snmp
< 5.6.24
php70-snmp
< 7.0.9
php55-xmlrpc
< 5.5.38
php56-xmlrpc
< 5.6.24
php70-xmlrpc
< 7.0.9
php55-zip
< 5.5.38
php56-zip
< 5.6.24
php70-zip
< 7.0.9
http://www.php.net/ChangeLog-5.php#5.5.38
http://www.php.net/ChangeLog-5.php#5.6.24
http://www.php.net/ChangeLog-7.php#7.0.8
http://seclists.org/oss-sec/2016/q3/121
CVE-2015-8879
CVE-2016-5385
CVE-2016-5399
CVE-2016-6288
CVE-2016-6289
CVE-2016-6290
CVE-2016-6291
CVE-2016-6292
CVE-2016-6294
CVE-2016-6295
CVE-2016-6296
CVE-2016-6297
|
85eb4e46-cf16-11e5-840f-485d605f4717 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #71039 (exec functions ignore length but look for NULL
termination).
- Fixed bug #71323 (Output of stream_get_meta_data can be
falsified by its input).
- Fixed bug #71459 (Integer overflow in iptcembed()).
- PCRE:
- Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
- Phar:
- Fixed bug #71354 (Heap corruption in tar/zip/phar parser).
- Fixed bug #71391 (NULL Pointer Dereference in
phar_tar_setupmetadata()).
- Fixed bug #71488 (Stack overflow when decompressing tar
archives). (CVE-2016-2554)
- WDDX:
- Fixed bug #71335 (Type Confusion in WDDX Packet
Deserialization).
Discovery 2016-02-04 Entry 2016-02-09 Modified 2016-03-13 php55
php55-phar
php55-wddx
< 5.5.32
php56
php56-phar
php56-wddx
< 5.6.18
CVE-2015-8383
CVE-2015-8386
CVE-2015-8387
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8393
CVE-2015-8394
CVE-2016-2554
http://php.net/ChangeLog-5.php#5.6.18
http://php.net/ChangeLog-5.php#5.5.32
|