php5 (SUSE:Linux Enterprise Server 11 SP2-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 11 SP2-LTSS package php5, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2016-6291 — CVSS 9.8 (critical): The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote…
CVE-2016-5769 — CVSS 9.8 (critical): Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote…
CVE-2016-5772 — CVSS 9.8 (critical): Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23…
CVE-2016-6290 — CVSS 9.8 (critical): ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data…
CVE-2016-6288 — CVSS 9.8 (critical): The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer…
CVE-2016-6296 — CVSS 9.8 (critical): Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38…
CVE-2016-6297 — CVSS 8.8 (high): Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before…
CVE-2016-5766 — CVSS 8.8 (high): Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before…
CVE-2016-5767 — CVSS 8.8 (high): Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before…
CVE-2016-5399 — CVSS 7.8 (high): The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a…
CVE-2016-6289 — CVSS 7.8 (high): Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9…
CVE-2015-6838 — CVSS 7.5 (high): The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when…
CVE-2015-6837 — CVSS 7.5 (high): The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when…
CVE-2015-6836 — CVSS 7.3 (high): The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage…
CVE-2015-8935 — CVSS 6.1 (medium): The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line…