229 matches found
Amazon Linux AMI : php55 (ALAS-2015-510)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or pg_select() could...
Low: php56
Issue Overview: A use-after-free flaw was found in PHP's OPcache extension. This flaw could possibly lead to a disclosure of a portion of server memory. CVE-2015-1351 A NULL pointer dereference flaw was found in PHP's pgsql extension. A specially crafted table name passed to a function such as pg_insert() or...
Fedora 20 : php-5.5.23-1.fc20 (2015-4216)
19 Mar 2015, PHP 5.5.23 Core : - Fixed bug 69174 leaks when unused inner class use traits precedence. Laruence - Fixed bug 69139 Crash in gc_zval_possible_root on unserialize. Laruence - Fixed bug 69121 Segfault in get_current_user when script owner is not in passwd with ZTS build. dan at syneto dot n...
Fedora 22 : php-5.6.7-2.fc22 (2015-4255)
19 Mar 2015, PHP 5.6.7 Core : - Fixed bug 69174 leaks when unused inner class use traits precedence. Laruence - Fixed bug 69139 Crash in gc_zval_possible_root on unserialize. Laruence - Fixed bug 69121 Segfault in get_current_user when script owner is not in passwd with ZTS build. dan at syneto dot ne...
Fedora 20 : php-5.5.21-1.fc20 (2015-1101)
22 Jan 2014, PHP 5.5.21 Core : - Upgraded crypt_blowfish to version 1.3. Leigh - Fixed bug 60704 unlink bug with some files path. - Fixed bug 65419 Inside trait, self::class != __CLASS__. Julien - Fixed bug 65576 Constructor from trait conflicts with inherited constructor. dunglas at gmail dot com -...
[SECURITY] [DSA 3117-1] php5 security update
Debian Security Advisory DSA-3117-1 http://www.debian.org/security/ Salvatore Bonaccorso December 31, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3117-1 (php5 - security update)
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. As announced in DSA 3064-1 it has been decided to follow the stable 5.4.x releases for the Wheezy php5 packages. Consequently the vulnerabilities are addressed by upgradi...
Amazon Linux AMI : php-ZendFramework (ALAS-2014-460)
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. CVE-2014-8088 The 1.12.9, 2.2.8, and 2.3.3 releas...
Oracle Linux 6 : rsyslog7 (ELSA-2014-1654)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-1654 advisory. 7.4.10-3 - fix CVE-2014-3634 resolves: 1149150 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:153)
Updated mediawiki packages fix security vulnerabilities : MediaWiki before 1.23.2 is vulnerable to JSONP injection in Flash, XSS in mediawiki.page.image.pagination.js, and clickjacking between OutputPage and ParserOutput. This update provides MediaWiki 1.23.2, fixing these and other issues...
Medium: php54
Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information fileinfo extension parsed certain...
openSUSE Security Update : proftpd (openSUSE-2011-19)
Vulnerabilities were discovered for the proftpd packages in openSUSE version 12.1. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2011-19. The text description of this plugin is (C) SU...
openSUSE Security Update : dovecot20 (dovecot20-4610)
dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot20-4610. The text description of this plugin is (C) SUSE...
CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
UBUNTU-CVE-2013-0191
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
Authentication flaw
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...
CVE-2013-0191
Removed by vendor...
CVE-2013-0191
The CVE-2013-0191 entry concerns libpam-pgsql (pam_pgsql) 0.7, where a NULL value returned by the password search query is not handled properly, allowing remote attackers to bypass authentication with a crafted password. This is documented in the NVD entry for CVE-2013-0191. The connected records...