SUSE CVE-2007-0910

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

SUSE CVE-2007-1413

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument object id...

SUSE CVE-2007-2748

The substrcount function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375...

SUSE CVE-2008-2107

The GENERATESEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mtrand functions an...

SUSE CVE-2008-5624

PHP 5 before 5.2.7 does not properly initialize the pageuid and pagegid global variables for use by the SAPI phpgetuid function, which allows context-dependent attackers to bypass safemode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting ...

SUSE CVE-2008-5814

Cross-site scripting XSS vulnerability in PHP, possibly 5.2.7 and earlier, when displayerrors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208...

SUSE CVE-2011-1464

Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service application crash via a small numerical value in the argument...

SUSE CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. dot dot in a ZIP archive entry that is mishandled during an extractTo call...

SUSE CVE-2016-4540

The graphemestripos function in ext/intl/grapheme/graphemestring.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via a negative offset...

SUSE CVE-2016-5093

The geticuvalueinternal function in ext/intl/locale/localemethods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other...

SUSE CVE-2016-5769

Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...

SUSE CVE-2016-7127

The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service out-of-bounds write or possibly have unspecified other impact by providing different signs for the second an...

CVE-2022-45928

OpenText Content Suite Platform 22.1 (16.2.19.1803) is affected by a remote OScript execution vulnerability. Multiple endpoints accept the htmlFile parameter, which is processed in the HTML rendering pipeline and can trigger Oscript code execution in the Content Server. The underlying risk is tha...

Fedora: Security Advisory for php (FEDORA-2023-5732365005)

The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

PHP 安全漏洞

PHP is a scripting language in which PHP is executed server-side. PHP has a security vulnerability. An attacker exploiting the vulnerability can read or change data...

[SECURITY] Fedora 37 Update: ruby-3.1.3-172.fc37

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

ALSA-2022:7624 Moderate: php:8.0 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.20. BZ2100876 Security Fixes: php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in...

[SECURITY] Fedora 36 Update: php-8.1.12-1.fc36

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora: Security Advisory for php (FEDORA-2022-f2a5082860)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: php-8.0.25-1.fc35

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...