VuXML ID | Description |
b6402385-533b-11e6-a7bd-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
Fixed bug #72519 (imagegif/output out-of-bounds access).
Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).
Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
Fixed bug #72541 (size_t overflow lead to heap corruption).
Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).
Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).
Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
Fixed bug #72613 (Inadequate error handling in bzread()).
Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
Discovery 2016-07-21 Entry 2016-07-26
php55
< 5.5.38
php56
< 5.6.24
php70
< 7.0.9
php70-curl
< 7.0.9
php55-bz2
< 5.5.38
php56-bz2
< 5.6.24
php70-bz2
< 7.0.9
php55-exif
< 5.5.38
php56-exif
< 5.6.24
php70-exif
< 7.0.9
php55-gd
< 5.5.38
php56-gd
< 5.6.24
php70-gd
< 7.0.9
php70-mcrypt
< 7.0.9
php55-odbc
< 5.5.38
php56-odbc
< 5.6.24
php70-odbc
< 7.0.9
php55-snmp
< 5.5.38
php56-snmp
< 5.6.24
php70-snmp
< 7.0.9
php55-xmlrpc
< 5.5.38
php56-xmlrpc
< 5.6.24
php70-xmlrpc
< 7.0.9
php55-zip
< 5.5.38
php56-zip
< 5.6.24
php70-zip
< 7.0.9
http://www.php.net/ChangeLog-5.php#5.5.38
http://www.php.net/ChangeLog-5.php#5.6.24
http://www.php.net/ChangeLog-7.php#7.0.8
http://seclists.org/oss-sec/2016/q3/121
CVE-2015-8879
CVE-2016-5385
CVE-2016-5399
CVE-2016-6288
CVE-2016-6289
CVE-2016-6290
CVE-2016-6291
CVE-2016-6292
CVE-2016-6294
CVE-2016-6295
CVE-2016-6296
CVE-2016-6297
|
742563d4-d776-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.6.7. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.6 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.23. Several bugs have been
fixed as well as CVE-2015-0231, CVE-2015-2305 and
CVE-2015-2331. All PHP 5.5 users are encouraged
to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.4.39. Six security-related
bugs were fixed in this release, including
CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331.
All PHP 5.4 users are encouraged to upgrade to
this version.
Discovery 2015-03-19 Entry 2015-04-01
php53
<= 5.3.29_5
php5
< 5.4.39
php55
< 5.5.23
php56
< 5.6.7
http://php.net/archive/2015.php#id2015-03-20-2
CVE-2015-0231
CVE-2015-2305
CVE-2015-2311
ports/198739
|
85eb4e46-cf16-11e5-840f-485d605f4717 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #71039 (exec functions ignore length but look for NULL
termination).
- Fixed bug #71323 (Output of stream_get_meta_data can be
falsified by its input).
- Fixed bug #71459 (Integer overflow in iptcembed()).
- PCRE:
- Upgraded bundled PCRE library to 8.38. (CVE-2015-8383,
CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
- Phar:
- Fixed bug #71354 (Heap corruption in tar/zip/phar parser).
- Fixed bug #71391 (NULL Pointer Dereference in
phar_tar_setupmetadata()).
- Fixed bug #71488 (Stack overflow when decompressing tar
archives). (CVE-2016-2554)
- WDDX:
- Fixed bug #71335 (Type Confusion in WDDX Packet
Deserialization).
Discovery 2016-02-04 Entry 2016-02-09 Modified 2016-03-13
php55
php55-phar
php55-wddx
< 5.5.32
php56
php56-phar
php56-wddx
< 5.6.18
CVE-2015-8383
CVE-2015-8386
CVE-2015-8387
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8393
CVE-2015-8394
CVE-2016-2554
http://php.net/ChangeLog-5.php#5.6.18
http://php.net/ChangeLog-5.php#5.5.32
|
6b110175-246d-11e6-8dd3-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
- Core:
- Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
- Fixed bug #72135 (Integer Overflow in php_html_entities).
(CVE-2016-5094) (PHP 5.5/5.6 only)
- GD:
- Fixed bug #72227 (imagescale out-of-bounds read).
(CVE-2013-7456)
- Intl:
- Fixed bug #72241 (get_icu_value_internal out-of-bounds read).
(CVE-2016-5093)
- Phar:
- Fixed bug #71331 (Uninitialized pointer in
phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)
Discovery 2016-05-26 Entry 2016-05-28
php70-gd
php70-intl
< 7.0.7
php56
php56-gd
< 5.6.22
php55
php55-gd
php55-phar
< 5.5.36
CVE-2016-5096
CVE-2016-5094
CVE-2013-7456
CVE-2016-5093
CVE-2016-4343
ports/209779
http://php.net/ChangeLog-7.php#7.0.7
http://php.net/ChangeLog-5.php#5.6.22
http://php.net/ChangeLog-5.php#5.5.36
|
787ef75e-44da-11e5-93ad-002590263bf5 | php5 -- multiple vulnerabilities
The PHP project reports:
Core:
- Fixed bug #69793 (Remotely triggerable stack exhaustion via
recursive method calls).
- Fixed bug #70121 (unserialize() could lead to unexpected methods
execution / NULL pointer deref).
OpenSSL:
- Fixed bug #70014 (openssl_random_pseudo_bytes() is not
cryptographically secure).
Phar:
- Improved fix for bug #69441.
- Fixed bug #70019 (Files extracted from archive may be placed
outside of destination directory).
SOAP:
- Fixed bug #70081 (SoapClient info leak / null pointer
dereference via multiple type confusions).
SPL:
- Fixed bug #70068 (Dangling pointer in the unserialization of
ArrayObject items).
- Fixed bug #70166 (Use After Free Vulnerability in unserialize()
with SPLArrayObject).
- Fixed bug #70168 (Use After Free Vulnerability in unserialize()
with SplObjectStorage).
- Fixed bug #70169 (Use After Free Vulnerability in unserialize()
with SplDoublyLinkedList).
Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap
< 5.4.44
php55
php55-openssl
php55-phar
php55-soap
< 5.5.28
php56
php56-openssl
php56-phar
php56-soap
< 5.6.12
http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
|
47b4e713-6513-11e3-868f-0025905a4771 | PHP5 -- memory corruption in openssl_x509_parse()
Stefan Esser reports:
The PHP function openssl_x509_parse() uses a helper function
called asn1_time_to_time_t() to convert timestamps from ASN1
string format into integer timestamp values. The parser within
this helper function is not binary safe and can therefore be
tricked to write up to five NUL bytes outside of an allocated
buffer.
This problem can be triggered by x509 certificates that contain
NUL bytes in their notBefore and notAfter timestamp fields and
leads to a memory corruption that might result in arbitrary
code execution.
Depending on how openssl_x509_parse() is used within a PHP
application the attack requires either a malicious cert signed
by a compromised/malicious CA or can be carried out with a
self-signed cert.
Discovery 2013-12-13 Entry 2013-12-14
php5
>= 5.4.0, < 5.4.23
php53
< 5.3.28
php55
>= 5.5.0, < 5.5.7
CVE-2013-6420
https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
|
482d40cb-f9a3-11e5-92ce-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
- Fileinfo:
- Fixed bug #71527 (Buffer over-write in finfo_open with
malformed magic file).
- mbstring:
- Fixed bug #71906 (AddressSanitizer: negative-size-param (-1)
in mbfl_strcut).
- Phar:
- Fixed bug #71860 (Invalid memory write in phar on filename with
\0 in name).
- SNMP:
- Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
- Standard:
- Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
Discovery 2016-03-31 Entry 2016-04-03
php70
php70-fileinfo
php70-mbstring
php70-phar
php70-snmp
< 7.0.5
php56
php56-fileinfo
php56-mbstring
php56-phar
php56-snmp
< 5.6.20
php55
php55-fileinfo
php55-mbstring
php55-phar
php55-snmp
< 5.5.34
ports/208465
http://php.net/ChangeLog-7.php#7.0.5
http://php.net/ChangeLog-5.php#5.6.20
http://php.net/ChangeLog-5.php#5.5.34
|
af7fbd91-29a1-11e5-86ff-14dae9d210b8 | php -- use-after-free vulnerability
Symeon Paraschoudis reports:
Use-after-free vulnerability in spl_recursive_it_move_forward_ex()
Discovery 2015-06-30 Entry 2015-07-13
php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69970
|
3d675519-5654-11e5-9ad8-14dae9d210b8 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
- Fixed bug #70219 (Use after free vulnerability in session deserializer).
- EXIF:
- Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
- hash:
- Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
- PCRE:
- Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
- SOAP:
- Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
- SPL:
- Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
- Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
- XSLT:
- Fixed bug #69782 (NULL pointer dereference).
- ZIP:
- Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).
Discovery 2015-09-03 Entry 2015-09-08 Modified 2015-09-08
php5
php5-soap
php5-xsl
< 5.4.45
php55
php55-soap
php55-xsl
< 5.5.29
php56
php56-soap
php56-xsl
< 5.6.13
http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
|
5764c634-10d2-11e6-94fa-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
- BCMath:
- Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition).
- Exif:
- Fixed bug #72094 (Out of bounds heap read access in exif header
processing).
- GD:
- Fixed bug #71912 (libgd: signedness vulnerability).
(CVE-2016-3074)
- Intl:
- Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos
with negative offset).
- XML:
- Fixed bug #72099 (xml_parse_into_struct segmentation fault).
Discovery 2016-04-28 Entry 2016-05-03
php70
php70-bcmath
php70-exif
php70-gd
php70-xml
< 7.0.6
php56
php56-bcmath
php56-exif
php56-gd
php56-xml
< 5.6.21
php55
php55-bcmath
php55-exif
php55-gd
php55-xml
< 5.5.35
CVE-2016-3074
ports/209145
http://www.php.net/ChangeLog-7.php#7.0.6
http://www.php.net/ChangeLog-5.php#5.6.21
http://www.php.net/ChangeLog-5.php#5.5.35
|
31de2e13-00d2-11e5-a072-d050996490d0 | php -- multiple vulnerabilities
PHP development team reports:
Fixed bug #69364 (PHP Multipart/form-data remote DoS
Vulnerability). (CVE-2015-4024)
Fixed bug #69418 (CVE-2006-7243 fix regressions in
5.4+). (CVE-2015-4025)
Fixed bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow). (CVE-2015-4022)
Fixed bug #68598 (pcntl_exec() should not allow null
char). (CVE-2015-4026)
Fixed bug #69453 (Memory Corruption in phar_parse_tarfile
when entry filename starts with null). (CVE-2015-4021)
Discovery 2015-05-14 Entry 2015-05-22
php5
< 5.4.41
php55
< 5.5.25
php56
< 5.6.9
CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
https://php.net/ChangeLog-5.php#5.6.9
|
f7a9e415-bdca-11e4-970c-000c292ee6b8 | php5 -- multiple vulnerabilities
The PHP Project reports:
Use after free vulnerability in unserialize() with DateTimeZone.
Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer
overflow.
Discovery 2015-02-18 Entry 2015-02-26
php5
< 5.4.38
php55
< 5.5.22
php56
< 5.6.6
CVE-2015-0235
CVE-2015-0273
http://php.net/ChangeLog-5.php#5.4.38
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.6.6
|
6b771fe2-b84e-11e5-92f9-485d605f4717 | php -- multiple vulnerabilities
PHP reports:
- Core:
- Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
- GD:
- Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array
Index Out of Bounds).
- SOAP:
- Fixed bug #70900 (SoapClient systematic out of memory error).
- Wddx:
- Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet
Deserialization).
- Fixed bug #70741 (Session WDDX Packet Deserialization Type
Confusion Vulnerability).
- XMLRPC:
- Fixed bug #70728 (Type Confusion Vulnerability in
PHP_to_XMLRPC_worker()).
Discovery 2016-01-07 Entry 2016-01-11
php55
php55-gd
php55-wddx
php55-xmlrpc
< 5.5.31
php56
php56-gd
php56-soap
php56-wddx
php56-xmlrpc
< 5.6.17
http://www.php.net/ChangeLog-5.php#5.5.31
http://www.php.net/ChangeLog-5.php#5.6.17
|
66d77c58-3b1d-11e6-8e82-002590263bf5 | php -- multiple vulnerabilities
The PHP Group reports:
Please reference CVE/URL list for details
Discovery 2016-06-23 Entry 2016-06-25
php55
php55-gd
php55-mbstring
php55-wddx
php55-zip
< 5.5.37
php56
php56-gd
php56-mbstring
php56-phar
php56-wddx
php56-zip
< 5.6.23
php70
php70-gd
php70-mbstring
php70-phar
php70-wddx
php70-zip
< 7.0.8
CVE-2015-8874
CVE-2016-5766
CVE-2016-5767
CVE-2016-5768
CVE-2016-5769
CVE-2016-5770
CVE-2016-5771
CVE-2016-5772
CVE-2016-5773
ports/210491
ports/210502
http://php.net/ChangeLog-5.php#5.5.37
http://php.net/ChangeLog-5.php#5.6.23
http://php.net/ChangeLog-7.php#7.0.8
|
5a1d5d74-29a0-11e5-86ff-14dae9d210b8 | php -- arbitrary code execution
cmb reports:
When delayed variable substitution is enabled (can be set in the
Registry, for instance), !ENV! works similar to %ENV%, and the
value of the environment variable ENV will be substituted.
Discovery 2015-06-07 Entry 2015-07-13
php56
< 5.6.11
php55
< 5.5.27
php5
< 5.4.43
https://bugs.php.net/bug.php?id=69768
|
1e232a0c-eb57-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP
The PHP project reports:
The PHP development team announces the immediate
availability of PHP 5.4.40. 14 security-related
bugs were fixed in this release, including
CVE-2014-9709, CVE-2015-2301, CVE-2015-2783,
CVE-2015-1352. All PHP 5.4 users are encouraged to
upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.5.24. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users
are encouraged to upgrade to this version.
The PHP development team announces the immediate
availability of PHP 5.6.8. Several bugs have been
fixed, some of them being security related, like
CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users
are encouraged to upgrade to this version.
Discovery 2015-04-16 Entry 2015-04-25 Modified 2015-05-22
php5
< 5.4.40
php55
< 5.5.24
php56
< 5.6.8
http://php.net/archive/2015.php#id2015-04-16-2
CVE-2014-9709
CVE-2015-2301
CVE-2015-2783
CVE-2015-1351
CVE-2015-1352
ports/199585
|