248 matches found
Fedora 28 : php (2018-b6072889db)
PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...
Fedora 26 : php (2018-6071a600e8)
PHP version 7.1.17 26 Apr 2018 Date: - Fixed bug php76131 mismatch arginfo for datecreate. carusogabriel Exif: - Fixed bug php76130 Heap Buffer Overflow READ: 1786 in exifiifaddvalue. Stas FPM: - Fixed bug php68440 ERROR: failed to reload: execvp failed: Argument list too long. Jacob Hipps - Fixe...
Fedora 27 : php (2018-04f6056c42)
PHP version 7.1.17 26 Apr 2018 Date: - Fixed bug php76131 mismatch arginfo for datecreate. carusogabriel Exif: - Fixed bug php76130 Heap Buffer Overflow READ: 1786 in exifiifaddvalue. Stas FPM: - Fixed bug php68440 ERROR: failed to reload: execvp failed: Argument list too long. Jacob Hipps - Fixe...
Fedora 26 : php (2018-e8bc8d2784)
PHP version 7.1.15 01 Mar 2018 Apache2Handler: - Fixed bug php75882 a simple way for segfaults in threadsafe php just with configuration. Anatol Date: - Fixed bug php75857 Timezone gets truncated when formatted. carusogabriel - Fixed bug php75928 Argument 2 for DateTimeZone::listIdentifiers shoul...
Fedora 27 : php (2018-a89ccf7133)
PHP version 7.1.15 01 Mar 2018 Apache2Handler: - Fixed bug php75882 a simple way for segfaults in threadsafe php just with configuration. Anatol Date: - Fixed bug php75857 Timezone gets truncated when formatted. carusogabriel - Fixed bug php75928 Argument 2 for DateTimeZone::listIdentifiers shoul...
catalog.spl.org Open Redirect vulnerability
Open Bug Bounty ID: OBB-524764 Description| Value ---|--- Affected Website:| catalog.spl.org Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Disclosure Standard:| Coordinated Disclosure based on ISO...
Fedora 27 : php (2017-46e8bdccef)
PHP version 7.1.11 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...
Fedora 25 : php (2017-cdaaf6ea12)
PHP version 7.0.25 26 Oct 2017 Core: - Fixed bug php75241 NULL pointer dereference in zendmmallocsmall. Laruence - Fixed bug php75236 infinite loop when printing an error-message. Andrea - Fixed bug php75252 Incorrect token formatting on two parse errors in one request. Nikita - Fixed bug php7522...
Cross site scripting
Persistent Cross Site Scripting XSS exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...
CVE-2017-12572
CVE-2017-12572 affects Splunk Enterprise (versions <6.5.2 for 6.5.x, <6.4.6 for 6.4.x, <6.3.9 for 6.3.x) and Splunk Light (
The vulnerability of the implementation of SplObjectStorage in ext/spl/spl_observer.c, the PHP interpreter, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the SplObjectStorage service implementation in the ext/spl/splobserver.c file of the PHP interpreter arises due to the execution of operations beyond the memory buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a...
spl-oser.fr XSS vulnerability
Vulnerable URL: http://spl-oser.fr/?s=%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 04.07.2017 Latest check for patch:| 04.07.2017 11:37 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...
Server side request forgery (ssrf)
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...
CVE-2016-10126
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via...
CVE-2016-10126
CVE-2016-10126 affects Splunk Enterprise and Splunk Web: multiple 5.0.x/6.x releases are vulnerable to remote HTTP request injection that can leak REST API authentication tokens via unspecified vectors (aka SPL-128840). Affected versions include 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x bef...
php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
splarray.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and application crash via crafted...
Fedora 25 : php (2016-dc5bf39fcf)
15 Sep 2016 PHP version 7.0.11 Core: - Fixed bug php72944 NULL pointer deref in zvaldelrefp. Dmitry - Fixed bug php72943 assigndim on string doesn't reset hval. Laruence - Fixed bug php72911 Memleak in zendbinaryassignopobjhelper. Laruence - Fixed bug php72813 Segfault with get returned by ref...
Fedora 23 : php (2016-0729e59542)
13 Oct 2016 - PHP version 5.6.27 Core: - Fixed bug php73025 Heap Buffer Overflow in virtualpopen of zendvirtualcwd.c. cmb - Fixed bug php73058 crypt broken when salt is 'too' long. Anatol - Fixed bug php72703 Out of bounds global memory read in BFcrypt triggered by passwordverify. Anatol - Fixed...
Fedora 23 : php (2016-db71b72137)
15 Sep 2016 PHP version 5.6.26 Core: - Fixed bug php72907 NULL pointer deref, segfault in gcremovezvalfrombuffer zendgc.c:260. Laruence Dba: - Fixed bug php71514 Bad dbareplace condition because of wrong API usage. cmb - Fixed bug php70825 Cannot fetch multiple values with group in ini file. cmb...
Fedora 24 : php (2016-62fc05fd68)
15 Sep 2016 PHP version 5.6.26 Core: - Fixed bug php72907 NULL pointer deref, segfault in gcremovezvalfrombuffer zendgc.c:260. Laruence Dba: - Fixed bug php71514 Bad dbareplace condition because of wrong API usage. cmb - Fixed bug php70825 Cannot fetch multiple values with group in ini file. cmb...