Lucene search
K

534 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.2 views

SUSE CVE-2015-5590

Stack-based buffer overflow in the pharfixfilepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling...

7.3CVSS8.1AI score0.04633EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.8 views

SUSE CVE-2015-7804

Off-by-one error in the pharparsezipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service uninitialized pointer dereference and application crash by including the / filename in a .zip PHAR archive...

6.8CVSS6.9AI score0.08799EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.3 views

SUSE CVE-2015-8873

Stack consumption vulnerability in Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service segmentation fault via recursive method calls...

7.5CVSS8.5AI score0.03881EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.5 views

SUSE CVE-2015-8877

The gdImageScaleTwoPass function in gdinterpolation.c in the GD Graphics Library aka libgd before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows remote attackers to cause a denial of service memory consumption via a crafted call, as demonstrated ...

7.5CVSS8.9AI score0.03647EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.3 views

SUSE CVE-2016-6291

The exifprocessIFDinMAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service out-of-bounds array access and memory corruption, obtain sensitive information from process memory, or possibly have...

9.8CVSS9AI score0.05598EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:58 a.m.3 views

SUSE CVE-2016-7412

ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted field metadata...

8.1CVSS7.8AI score0.0885EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-9137

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curlfile.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during wakeup processing...

9.8CVSS7.8AI score0.05363EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.4 views

SUSE CVE-2017-11144

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in...

4.8CVSS8.8AI score0.06164EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.3 views

SUSE CVE-2017-11362

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformatparse.c does not restrict the locale length, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact within International...

9.8CVSS9.4AI score0.0291EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:41 a.m.3 views

SUSE CVE-2017-12934

ext/standard/varunserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zvalgettype function in Zend/zendtypes.h. Exploitation of this issue can have an unspecified impact on the integrity of PHP...

7.5CVSS9.7AI score0.03634EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.2 views

SUSE CVE-2017-18264

An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases. The restrictions caused by $cfg'Servers'$i'AllowNoPassword' = false are bypassed under certain PHP versions e.g., version 5. This can allow the login of users who have no...

9.8CVSS9.5AI score0.02991EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.5 views

SUSE CVE-2018-5711

gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

5.3CVSS9.3AI score0.13204EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.3 views

SUSE CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

6.5CVSS8.1AI score0.00831EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-10547

An issue was discovered in ext/phar/pharobject.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

6.3CVSS8.4AI score0.0363EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:22 a.m.4 views

SUSE CVE-2018-19396

ext/standard/varunserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service application crash via an unserialize call for the com, dotnet, or variant class...

7.5CVSS9.3AI score0.04584EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.2 views

SUSE CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

3.3CVSS9.8AI score0.10059EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:15 a.m.3 views

SUSE CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...

6.5CVSS9.6AI score0.04188EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.3 views

SUSE CVE-2019-9640

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exifprocessSOFn...

3.3CVSS9.6AI score0.06183EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-11035

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exifiifaddvalue function. This may lead to information disclosure or crash...

4.8CVSS9.2AI score0.04409EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.2 views

SUSE CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

7.5CVSS7.6AI score0.05124EPSS
Exploits2References3
Rows per page
Query Builder