24 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-7411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memo...
Slackware: Security Advisory (SSA:2016-267-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2016-0319)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2459-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2477-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2477-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-749-1 : php5 security update (httpoxy)
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's...
[SECURITY] [DLA 749-1] php5 security update
Package : php5 Version : 5.4.45-0+deb7u6 CVE ID : CVE-2016-5385 CVE-2016-7124 CVE-2016-7128 CVE-2016-7129 CVE-2016-7130 CVE-2016-7131 CVE-2016-7132 CVE-2016-7411 CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418 CVE-2016-5385 PHP through 7.0.8 does not attempt to...
DLA-749-1 php5 - security update
Bulletin has no description...
FreeBSD : PHP -- multiple vulnerabilities (8d5180a6-86fe-11e6-8d93-00248c0c745d)
PHP reports : - Fixed bug 73007 add locale length check - Fixed bug 72293 Heap overflow in mysqlnd related to BIT fields - Fixed bug 72928 Out of bound when verify signature of zip phar in pharparsezipfile - Fixed bug 73029 Missing type check when unserializing SplArray - Fixed bug 73052 Memory...
openSUSE: Security Advisory for php5 (openSUSE-SU-2016:2540-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: php56
Issue Overview: ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that references a partially constructed...
[SECURITY] [DSA 3689-1] php5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3689-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 08, 2016 https://www.debian.org/security/faq -...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:2459-1)
This update for php53 fixes the following security issues : - CVE-2016-7124: Create an Unexpected Object and Don't Invoke wakeup in Deserialization - CVE-2016-7125: PHP Session Data Injection Vulnerability - CVE-2016-7126: selectcolors write out-of-bounds - CVE-2016-7127: imagegammacorrect allowe...
SUSE-SU-2016:2461-1 Security update for php53
This update for php53 fixes the following issues: CVE-2016-7411: php5: Memory corruption when destructing deserialized object CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field CVE-2016-7413: Use after free in wddxdeserialize CVE-2016-7414: Out of bounds heap rea...
Ubuntu: Security Advisory (USN-3095-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : php5 (openSUSE-2016-1150)
This update for php5 fixes the following security issues : - CVE-2016-7411: Memory corruption when destructing deserialized object - CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNEDFLAG in BIT field - CVE-2016-7413: Use after free in wddxdeserialize - CVE-2016-7414: Out of boun...
Ubuntu 14.04 LTS / 16.04 LTS : PHP vulnerabilities (USN-3095-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3095-1 advisory. Taoguang Chen discovered that PHP incorrectly handled certain invalid objects when unserializing data. A remote attacker could use this issue...
Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-267-01)
New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-267-01. The text itself is copyright...
CVE-2016-7411
ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that references a partially constructed object...