- Home
- CVEs with nessus.description==This update for php53 fixes several issues. These security issues were
fixed :
- CVE-2016-10712: In PHP all of the return values of
stream_get_meta_data could be controlled if the input
can be controlled (e.g., during file uploads).
(bsc#1080234)
- CVE-2018-5712: Prevent reflected XSS on the PHAR 404
error page via the URI of a request for a .phar file
that allowed for information disclosure (bsc#1076220)
- CVE-2018-5711: Prevent integer signedness error that
could have lead to an infinite loop via a crafted GIF
file allowing for DoS (bsc#1076391)
- CVE-2016-5773: php_zip.c in the zip extension in PHP
improperly interacted with the unserialize
implementation and garbage collection, which allowed
remote attackers to execute arbitrary code or cause a
denial of service (use-after-free and application crash)
via crafted serialized data containing a ZipArchive
object. (bsc#986247)
- CVE-2016-5771: spl_array.c in the SPL extension in PHP
improperly interacted with the unserialize
implementation and garbage collection, which allowed
remote attackers to execute arbitrary code or cause a
denial of service (use-after-free and application crash)
via crafted serialized data. (bsc#986391)
- CVE-2018-7584: Fixed stack-based buffer under-read while
parsing an HTTPresponse in the
php_stream_url_wrap_http_ex. (bsc#1083639)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top