135 matches found
EUVD-2016-6704
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-1000005
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mcryptgetblocksize did not enforce that the provided module parameter was a string, leading to type confusion if other types of data were passed in. This issue...
GHSA-XG9W-R469-M455 ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mtrand function as a fallback. All outputs from mtrand are predictable for the same PHP process if an attacker can brute force the seed used ...
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mtrand function as a fallback. All outputs from mtrand are predictable for the same PHP process if an attacker can brute force the seed used ...
K21042398: PHP vulnerability CVE-2016-5769
Security Advisory Description Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impa...
SUSE CVE-2007-2727
The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...
SUSE CVE-2012-4409
Stack-based buffer overflow in the checkfilehead function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption...
SUSE CVE-2012-4527
Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service crash and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability...
SUSE CVE-2016-5769
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted length value,...
SUSE: Security Advisory (SUSE-SU-2016:2013-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for php-robrichards-xmlseclibs1 (FEDORA-2020-af82229ae5)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 30 Update: php-robrichards-xmlseclibs1-1.4.3-1.fc30
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. NOTE: php-mcrypt will not be automatically installed as a dependency of this package so it will need to be "manually" installed if it is required -- specifically for the following XMLSecurityKey encryption type...
[SECURITY] Fedora 29 Update: php-robrichards-xmlseclibs-2.1.1-1.fc29
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. NOTE: php-mcrypt will not be automatically installed as a dependency of this package so it will need to be "manually" installed if it is required -- specifically for the following XMLSecurityKey encryption type...
[SECURITY] Fedora 31 Update: php-robrichards-xmlseclibs-2.1.1-1.fc31
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. NOTE: php-mcrypt will not be automatically installed as a dependency of this package so it will need to be "manually" installed if it is required -- specifically for the following XMLSecurityKey encryption type...
SUSE-RU-2019:0823-1 Optional update for php72
This update provides PHP 7.2 and subpackages to the SUSE Linux Enterprise 12 Web and Scripting Module. It is a replacement of the php7 packages, the packages do not co-exist. The mcrypt extensions was removed in PHP 7.2...
Fedora 27 : php (2017-46e8bdccef)
PHP version 7.1.11 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...
Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelibmeridian in the Date module php75055. Arcfour encryption stream filter crashes php-mcrypt php72535...
MGASA-2017-0412 Updated php packages fix security vulnerabilities
Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelibmeridian in the Date module php75055. Arcfour encryption stream filter crashes php-mcrypt php72535...
Fedora 25 : php (2017-cdaaf6ea12)
PHP version 7.0.25 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...
CVE-2017-15582
In net.MCrypt in the "Diary with lock" aka WriteDiary application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries...