20 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-8838
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows...
SUSE CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...
SUSE: Security Advisory (SUSE-SU-2016:1145-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2021-1830)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : php (EulerOS-SA-2021-1830)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, whi...
EulerOS 2.0 SP2 : php (EulerOS-SA-2020-1632)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, whi...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1632)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : php5 (SUSE-SU-2016:1166-1)
This update for php5 fixes the following security issues : - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...
pfSense < 2.2.4 Multiple Vulnerabilities (SA-15_07)
According to its self-reported version number, the remote pfSense install is prior to 2.2.4. It is, therefore, affected by multiple vulnerabilities as stated in the referenced vendor advisories. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid106496;...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1581-1)
This update for php53 fixes the following issues : - CVE-2016-5093: A geticuvalueinternal out-of-bounds read could crash the php interpreter bsc982010 - CVE-2016-5094,CVE-2016-5095: Don't allow creating strings with lengths outside int range, avoids overflows bsc982011,bsc982012 - CVE-2016-5096: ...
CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...
BELL-CVE-2015-8838 CVE-2015-8838 does not affect BellSoft software
Bulletin has no description...
CVE-2015-8838
CVE-2015-8838 (PHP ext/mysqlnd) affects PHP’s MySQL native driver (ext/mysqlnd) in PHP upstream: versions before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11. It uses a client SSL option to treat SSL as optional, enabling a man-in-the-middle vulnerability that allows spoofing of servers v...
openSUSE Security Update : php5 (openSUSE-2016-517)
This update for php5 fixes the following security issues : - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...
Security update for php5 (important)
This update for php5 fixes the following security issues: - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in...
openSUSE: Security Advisory for php5 (openSUSE-SU-2016:1167-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for php5 (important)
This update for php5 fixes the following security issues: - bsc974305: buffer overflow in libmagic - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from type confusion issue bnc973351. - CVE-2016-3141: A use-after-free / double-free...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1145-1)
This update for php53 fixes the following issues : - CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM bnc973792. - CVE-2015-8835: SoapClient scall method suffered from a type confusion issue that could have lead to crashes bsc973351 - CVE-2016-2554: A NULL pointer dereference in phargetfpoffset...
USN-2952-1: PHP vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. CVE-2014-9767 It was discovered that the PHP Soap client incorrectly validated data types. A remote...
CVE-2015-8838
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152...