[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2016:1638-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":184,"duplicates":185,"related":186,"reserved_at":9,"published_at":272,"modified_at":273,"state":9,"summary":274,"references_raw":276,"kevs":921,"epss":9,"epss_history":922,"metrics":923,"affected":924},"SUSE-SU-2016:1638-1","Security update for php53\n\nThis update for php53 to version 5.3.17 fixes the following issues:\n\nThese security issues were fixed:\n- CVE-2016-5093: get_icu_value_internal out-of-bounds read (bnc#982010).\n- CVE-2016-5094: Don't create strings with lengths outside int range (bnc#982011).\n- CVE-2016-5095: Don't create strings with lengths outside int range (bnc#982012).\n- CVE-2016-5096: int/size_t confusion in fread (bsc#982013).\n- CVE-2016-5114: fpm_log.c memory leak and buffer overflow (bnc#982162).\n- CVE-2015-8879: The odbc_bindcols function in ext/odbc/php_odbc.c in PHP mishandles driver behavior for SQL_WVARCHAR columns, which allowed remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table (bsc#981050).\n- CVE-2015-4116: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP allowed remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation (bsc#980366).\n- CVE-2015-8874: Stack consumption vulnerability in GD in PHP allowed remote attackers to cause a denial of service via a crafted imagefilltoborder call (bsc#980375).\n- CVE-2015-8873: Stack consumption vulnerability in Zend/zend_exceptions.c in PHP allowed remote attackers to cause a denial of service (segmentation fault) via recursive method calls (bsc#980373).\n- CVE-2016-4540: The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829).\n- CVE-2016-4541: The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset (bsc#978829.\n- CVE-2016-4542: The exif_process_IFD_TAG function in ext/exif/exif.c in PHP did not properly construct spprintf arguments, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830).\n- CVE-2016-4543: The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP did not validate IFD sizes, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830.\n- CVE-2016-4544: The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP did not validate TIFF start data, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data (bsc#978830.\n- CVE-2016-4537: The bcpowmod function in ext/bcmath/bcmath.c in PHP accepted a negative integer for the scale argument, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).\n- CVE-2016-4538: The bcpowmod function in ext/bcmath/bcmath.c in PHP modified certain data structures without considering whether they are copies of the _zero_, _one_, or _two_ global variable, which allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call (bsc#978827).\n- CVE-2016-4539: The xml_parse_into_struct function in ext/xml/xml.c in PHP allowed remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument, leading to a parser level of zero (bsc#978828).\n- CVE-2016-4342: ext/phar/phar_object.c in PHP mishandles zero-length uncompressed data, which allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive (bsc#977991).\n- CVE-2016-4346: Integer overflow in the str_pad function in ext/standard/string.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow (bsc#977994).\n- CVE-2016-4073: Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut call (bsc#977003).\n- CVE-2015-8867: The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP incorrectly relied on the deprecated RAND_pseudo_bytes function, which made it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors (bsc#977005).\n- CVE-2016-4070: Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP allowed remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function (bsc#976997).\n- CVE-2015-8866: ext/libxml/libxml.c in PHP when PHP-FPM is used, did not isolate each thread from libxml_disable_entity_loader changes in other threads, which allowed remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161 (bsc#976996).\n- CVE-2015-8838: ext/mysqlnd/mysqlnd.c in PHP used a client SSL option to mean that SSL is optional, which allowed man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152 (bsc#973792).\n- CVE-2015-8835: The make_http_soap_request function in ext/soap/php_http.c in PHP did not properly retrieve keys, which allowed remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c (bsc#973351).\n- CVE-2016-3141: Use-after-free vulnerability in wddx.c in the WDDX extension in PHP allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element (bsc#969821).\n- CVE-2016-3142: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\\x05\\x06 signature at an invalid location (bsc#971912).\n- CVE-2014-9767: Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP ext/zip/ext_zip.cpp in HHVM allowed remote attackers to create arbitrary empty directories via a crafted ZIP archive (bsc#971612).\n- CVE-2016-3185: The make_http_soap_request function in ext/soap/php_http.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c (bsc#971611).\n- CVE-2016-2554: Stack-based buffer overflow in ext/phar/tar.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TAR archive (bsc#968284).\n- CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that did not exist (bsc#949961).\n- CVE-2015-6831: Multiple use-after-free vulnerabilities in SPL in PHP allowed remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization (bsc#942291).\n- CVE-2015-6833: Directory traversal vulnerability in the PharData class in PHP allowed remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call (bsc#942296.\n- CVE-2015-6836: The SoapClient __call method in ext/soap/soap.c in PHP did not properly manage headers, which allowed remote attackers to execute arbitrary code via crafted serialized data that triggers a 'type confusion' in the serialize_function_call function (bsc#945428).\n- CVE-2015-6837: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value proceeding with a free operation during initial error checking, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838 (bsc#945412).\n- CVE-2015-6838: The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP when libxml2 is used, did not consider the possibility of a NULL valuePop return value proceeding with a free operation after the principal argument loop, which allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837 (bsc#945412).\n- CVE-2015-5590: Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension (bsc#938719).\n- CVE-2015-5589: The phar_convert_to_other function in ext/phar/phar_object.c in PHP did not validate a file pointer a close operation, which allowed remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call (bsc#938721).\n- CVE-2015-4602: The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935224).\n- CVE-2015-4599: The SoapFault::__toString method in ext/soap/soap.c in PHP allowed remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935226).\n- CVE-2015-4600: The SoapClient implementation in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods (bsc#935226).\n- CVE-2015-4601: PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to 'type confusion' issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600 (bsc#935226.\n- CVE-2015-4603: The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP allowed remote attackers to execute arbitrary code via an unexpected data type, related to a 'type confusion' issue (bsc#935234).\n- CVE-2015-4644: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP did not validate token extraction for table names, which might allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352 (bsc#935274).\n- CVE-2015-4643: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022 (bsc#935275).\n- CVE-2015-3411: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files (bsc#935227).\n- CVE-2015-3412: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension (bsc#935229).\n- CVE-2015-4598: PHP did not ensure that pathnames lack %00 sequences, which might have allowed remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\\0.html attack that bypasses an intended configuration in which client users may write to only .html files (bsc#935232).\n- CVE-2015-4148: The do_soap_call function in ext/soap/soap.c in PHP did not verify that the uri property is a string, which allowed remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a 'type confusion' issue (bsc#933227).\n- CVE-2015-4024: Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP allowed remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome (bsc#931421).\n- CVE-2015-4026: The pcntl_exec implementation in PHP truncates a pathname upon encountering a \\x00 character, which might allowed remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243 (bsc#931776).\n- CVE-2015-4022: Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allowed remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (bsc#931772).\n- CVE-2015-4021: The phar_parse_tarfile function in ext/phar/tar.c in PHP did not verify that the first character of a filename is different from the \\0 character, which allowed remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive (bsc#931769).\n- CVE-2015-3329: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP allowed remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive (bsc#928506).\n- CVE-2015-2783: ext/phar/phar.c in PHP allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions (bsc#928511).\n- CVE-2015-2787: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231 (bsc#924972).\n- CVE-2014-9709: The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP allowed remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function (bsc#923945).\n- CVE-2015-2301: Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP allowed remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file (bsc#922452).\n- CVE-2015-2305: Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) 32-bit platforms might have allowed context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow (bsc#921950).\n- CVE-2014-9705: Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP allowed remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries (bsc#922451).\n- CVE-2015-0273: Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP allowed remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function (bsc#918768).\n- CVE-2014-9652: The mconvert function in softmagic.c in file as used in the Fileinfo component in PHP did not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allowed remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file (bsc#917150).\n- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659).\n- CVE-2015-0231: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (bsc#910659).\n- CVE-2014-8142: Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP allowed remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019 (bsc#910659).\n- CVE-2015-0232: The exif_process_unicode function in ext/exif/exif.c in PHP allowed remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (bsc#914690).\n- CVE-2014-3670: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP operates on floating-point arrays incorrectly, which allowed remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function (bsc#902357).\n- CVE-2014-3669: Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP allowed remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value (bsc#902360).\n- CVE-2014-3668: Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP allowed remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation (bsc#902368).\n- CVE-2014-5459: The PEAR_REST class in REST.php in PEAR in PHP allowed local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions  (bsc#893849).\n- CVE-2014-3597: Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP allowed remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (bsc#893853).\n- CVE-2014-4670: Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments  (bsc#886059).\n- CVE-2014-4698: Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP allowed context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments  (bsc#886060).\n- CVE-2014-4721: The phpinfo implementation in ext/standard/info.c in PHP did not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allowed context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a 'type confusion' vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php (bsc#885961).\n- CVE-2014-0207: The cdf_read_short_sector function in cdf.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file (bsc#884986).\n- CVE-2014-3478: Buffer overflow in the mconvert function in softmagic.c in file as used in the Fileinfo component in PHP allowed remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion (bsc#884987).\n- CVE-2014-3479: The cdf_check_stream_offset function in cdf.c in file as used in the Fileinfo component in PHP relies on incorrect sector-size data, which allowed remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file (bsc#884989).\n- CVE-2014-3480: The cdf_count_chain function in cdf.c in file as used in the Fileinfo component in PHP did not properly validate sector-count data, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884990).\n- CVE-2014-3487: The cdf_read_property_info function in file as used in the Fileinfo component in PHP did not properly validate a stream offset, which allowed remote attackers to cause a denial of service (application crash) via a crafted CDF file (bsc#884991).\n- CVE-2014-3515: The SPL component in PHP incorrectly anticipates that certain data structures will have the array data type after unserialization, which allowed remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to 'type confusion' issues in (1) ArrayObject and (2) SPLObjectStorage (bsc#884992).\n\nThese non-security issues were fixed:\n- bnc#935074: compare with SQL_NULL_DATA correctly\n- bnc#935074: fix segfault in odbc_fetch_array\n- bnc#919080: fix timezone map\n- bnc#925109: unserialize SoapClient type confusion\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,144,146,148,150,152,154,156,158,160,162,164,166,168,170,172,174,176,178,180,182],{"_key":15},"CVE-2004-1019",{"_key":17},"CVE-2006-7243",{"_key":19},"CVE-2014-0207",{"_key":21},"CVE-2014-3478",{"_key":23},"CVE-2014-3479",{"_key":25},"CVE-2014-3480",{"_key":27},"CVE-2014-3487",{"_key":29},"CVE-2014-3515",{"_key":31},"CVE-2014-3597",{"_key":33},"CVE-2014-3668",{"_key":35},"CVE-2014-3669",{"_key":37},"CVE-2014-3670",{"_key":39},"CVE-2014-4049",{"_key":41},"CVE-2014-4670",{"_key":43},"CVE-2014-4698",{"_key":45},"CVE-2014-4721",{"_key":47},"CVE-2014-5459",{"_key":49},"CVE-2014-8142",{"_key":51},"CVE-2014-9652",{"_key":53},"CVE-2014-9705",{"_key":55},"CVE-2014-9709",{"_key":57},"CVE-2014-9767",{"_key":59},"CVE-2015-0231",{"_key":61},"CVE-2015-0232",{"_key":63},"CVE-2015-0273",{"_key":65},"CVE-2015-1352",{"_key":67},"CVE-2015-2301",{"_key":69},"CVE-2015-2305",{"_key":71},"CVE-2015-2783",{"_key":73},"CVE-2015-2787",{"_key":75},"CVE-2015-3152",{"_key":77},"CVE-2015-3329",{"_key":79},"CVE-2015-3411",{"_key":81},"CVE-2015-3412",{"_key":83},"CVE-2015-4021",{"_key":85},"CVE-2015-4022",{"_key":87},"CVE-2015-4024",{"_key":89},"CVE-2015-4026",{"_key":91},"CVE-2015-4116",{"_key":93},"CVE-2015-4148",{"_key":95},"CVE-2015-4598",{"_key":97},"CVE-2015-4599",{"_key":99},"CVE-2015-4600",{"_key":101},"CVE-2015-4601",{"_key":103},"CVE-2015-4602",{"_key":105},"CVE-2015-4603",{"_key":107},"CVE-2015-4643",{"_key":109},"CVE-2015-4644",{"_key":111},"CVE-2015-5161",{"_key":113},"CVE-2015-5589",{"_key":115},"CVE-2015-5590",{"_key":117},"CVE-2015-6831",{"_key":119},"CVE-2015-6833",{"_key":121},"CVE-2015-6836",{"_key":123},"CVE-2015-6837",{"_key":125},"CVE-2015-6838",{"_key":127},"CVE-2015-7803",{"_key":129},"CVE-2015-8835",{"_key":131},"CVE-2015-8838",{"_key":133},"CVE-2015-8866",{"_key":135},"CVE-2015-8867",{"_key":137},"CVE-2015-8873",{"_key":139},"CVE-2015-8874",{"_key":141},"CVE-2015-8879",{"_key":143},"CVE-2016-2554",{"_key":145},"CVE-2016-3141",{"_key":147},"CVE-2016-3142",{"_key":149},"CVE-2016-3185",{"_key":151},"CVE-2016-4070",{"_key":153},"CVE-2016-4073",{"_key":155},"CVE-2016-4342",{"_key":157},"CVE-2016-4346",{"_key":159},"CVE-2016-4537",{"_key":161},"CVE-2016-4538",{"_key":163},"CVE-2016-4539",{"_key":165},"CVE-2016-4540",{"_key":167},"CVE-2016-4541",{"_key":169},"CVE-2016-4542",{"_key":171},"CVE-2016-4543",{"_key":173},"CVE-2016-4544",{"_key":175},"CVE-2016-5093",{"_key":177},"CVE-2016-5094",{"_key":179},"CVE-2016-5095",{"_key":181},"CVE-2016-5096",{"_key":183},"CVE-2016-5114",[],[],[187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},{"_key":79},{"_key":81},{"_key":83},{"_key":85},{"_key":87},{"_key":89},{"_key":91},{"_key":93},{"_key":95},{"_key":97},{"_key":99},{"_key":101},{"_key":103},{"_key":105},{"_key":107},{"_key":109},{"_key":111},{"_key":113},{"_key":115},{"_key":117},{"_key":119},{"_key":121},{"_key":123},{"_key":125},{"_key":127},{"_key":129},{"_key":131},{"_key":133},{"_key":135},{"_key":137},{"_key":139},{"_key":141},{"_key":143},{"_key":145},{"_key":147},{"_key":149},{"_key":151},{"_key":153},{"_key":155},{"_key":157},{"_key":159},{"_key":161},{"_key":163},{"_key":165},{"_key":167},{"_key":169},{"_key":171},{"_key":173},{"_key":175},{"_key":177},{"_key":179},{"_key":181},{"_key":183},"2016-06-21T07:55:52Z","2026-02-04T03:27:02.742506Z",{"cisa_kev":275,"cisa_ransomware":275,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[277,283,288,292,296,300,304,308,312,316,320,324,328,332,336,340,344,348,352,356,360,364,368,372,376,380,384,388,392,396,400,404,408,412,416,420,424,428,432,436,440,444,448,452,456,460,464,468,472,476,480,484,488,492,496,500,504,508,512,516,520,524,528,532,536,540,544,548,552,556,560,564,568,572,576,580,585,589,593,597,601,605,609,613,617,621,625,629,633,637,641,645,649,653,657,661,665,669,673,677,681,685,689,693,697,701,705,709,713,717,721,725,729,733,737,741,745,749,753,757,761,765,769,773,777,781,785,789,793,797,801,805,809,813,817,821,825,829,833,837,841,845,849,853,857,861,865,869,873,877,881,885,889,893,897,901,905,909,913,917],{"url":278,"sources":279,"tags":281},"https://www.suse.com/support/update/announcement/2016/suse-su-20161638-1/",[280],"osv_suse",[282],"Advisory",{"url":284,"sources":285,"tags":286},"https://bugzilla.suse.com/884986",[280],[287],"REPORT",{"url":289,"sources":290,"tags":291},"https://bugzilla.suse.com/884987",[280],[287],{"url":293,"sources":294,"tags":295},"https://bugzilla.suse.com/884989",[280],[287],{"url":297,"sources":298,"tags":299},"https://bugzilla.suse.com/884990",[280],[287],{"url":301,"sources":302,"tags":303},"https://bugzilla.suse.com/884991",[280],[287],{"url":305,"sources":306,"tags":307},"https://bugzilla.suse.com/884992",[280],[287],{"url":309,"sources":310,"tags":311},"https://bugzilla.suse.com/885961",[280],[287],{"url":313,"sources":314,"tags":315},"https://bugzilla.suse.com/886059",[280],[287],{"url":317,"sources":318,"tags":319},"https://bugzilla.suse.com/886060",[280],[287],{"url":321,"sources":322,"tags":323},"https://bugzilla.suse.com/893849",[280],[287],{"url":325,"sources":326,"tags":327},"https://bugzilla.suse.com/893853",[280],[287],{"url":329,"sources":330,"tags":331},"https://bugzilla.suse.com/902357",[280],[287],{"url":333,"sources":334,"tags":335},"https://bugzilla.suse.com/902360",[280],[287],{"url":337,"sources":338,"tags":339},"https://bugzilla.suse.com/902368",[280],[287],{"url":341,"sources":342,"tags":343},"https://bugzilla.suse.com/910659",[280],[287],{"url":345,"sources":346,"tags":347},"https://bugzilla.suse.com/914690",[280],[287],{"url":349,"sources":350,"tags":351},"https://bugzilla.suse.com/917150",[280],[287],{"url":353,"sources":354,"tags":355},"https://bugzilla.suse.com/918768",[280],[287],{"url":357,"sources":358,"tags":359},"https://bugzilla.suse.com/919080",[280],[287],{"url":361,"sources":362,"tags":363},"https://bugzilla.suse.com/921950",[280],[287],{"url":365,"sources":366,"tags":367},"https://bugzilla.suse.com/922451",[280],[287],{"url":369,"sources":370,"tags":371},"https://bugzilla.suse.com/922452",[280],[287],{"url":373,"sources":374,"tags":375},"https://bugzilla.suse.com/923945",[280],[287],{"url":377,"sources":378,"tags":379},"https://bugzilla.suse.com/924972",[280],[287],{"url":381,"sources":382,"tags":383},"https://bugzilla.suse.com/925109",[280],[287],{"url":385,"sources":386,"tags":387},"https://bugzilla.suse.com/928506",[280],[287],{"url":389,"sources":390,"tags":391},"https://bugzilla.suse.com/928511",[280],[287],{"url":393,"sources":394,"tags":395},"https://bugzilla.suse.com/931421",[280],[287],{"url":397,"sources":398,"tags":399},"https://bugzilla.suse.com/931769",[280],[287],{"url":401,"sources":402,"tags":403},"https://bugzilla.suse.com/931772",[280],[287],{"url":405,"sources":406,"tags":407},"https://bugzilla.suse.com/931776",[280],[287],{"url":409,"sources":410,"tags":411},"https://bugzilla.suse.com/933227",[280],[287],{"url":413,"sources":414,"tags":415},"https://bugzilla.suse.com/935074",[280],[287],{"url":417,"sources":418,"tags":419},"https://bugzilla.suse.com/935224",[280],[287],{"url":421,"sources":422,"tags":423},"https://bugzilla.suse.com/935226",[280],[287],{"url":425,"sources":426,"tags":427},"https://bugzilla.suse.com/935227",[280],[287],{"url":429,"sources":430,"tags":431},"https://bugzilla.suse.com/935229",[280],[287],{"url":433,"sources":434,"tags":435},"https://bugzilla.suse.com/935232",[280],[287],{"url":437,"sources":438,"tags":439},"https://bugzilla.suse.com/935234",[280],[287],{"url":441,"sources":442,"tags":443},"https://bugzilla.suse.com/935274",[280],[287],{"url":445,"sources":446,"tags":447},"https://bugzilla.suse.com/935275",[280],[287],{"url":449,"sources":450,"tags":451},"https://bugzilla.suse.com/938719",[280],[287],{"url":453,"sources":454,"tags":455},"https://bugzilla.suse.com/938721",[280],[287],{"url":457,"sources":458,"tags":459},"https://bugzilla.suse.com/942291",[280],[287],{"url":461,"sources":462,"tags":463},"https://bugzilla.suse.com/942296",[280],[287],{"url":465,"sources":466,"tags":467},"https://bugzilla.suse.com/945412",[280],[287],{"url":469,"sources":470,"tags":471},"https://bugzilla.suse.com/945428",[280],[287],{"url":473,"sources":474,"tags":475},"https://bugzilla.suse.com/949961",[280],[287],{"url":477,"sources":478,"tags":479},"https://bugzilla.suse.com/968284",[280],[287],{"url":481,"sources":482,"tags":483},"https://bugzilla.suse.com/969821",[280],[287],{"url":485,"sources":486,"tags":487},"https://bugzilla.suse.com/971611",[280],[287],{"url":489,"sources":490,"tags":491},"https://bugzilla.suse.com/971612",[280],[287],{"url":493,"sources":494,"tags":495},"https://bugzilla.suse.com/971912",[280],[287],{"url":497,"sources":498,"tags":499},"https://bugzilla.suse.com/973351",[280],[287],{"url":501,"sources":502,"tags":503},"https://bugzilla.suse.com/973792",[280],[287],{"url":505,"sources":506,"tags":507},"https://bugzilla.suse.com/976996",[280],[287],{"url":509,"sources":510,"tags":511},"https://bugzilla.suse.com/976997",[280],[287],{"url":513,"sources":514,"tags":515},"https://bugzilla.suse.com/977003",[280],[287],{"url":517,"sources":518,"tags":519},"https://bugzilla.suse.com/977005",[280],[287],{"url":521,"sources":522,"tags":523},"https://bugzilla.suse.com/977991",[280],[287],{"url":525,"sources":526,"tags":527},"https://bugzilla.suse.com/977994",[280],[287],{"url":529,"sources":530,"tags":531},"https://bugzilla.suse.com/978827",[280],[287],{"url":533,"sources":534,"tags":535},"https://bugzilla.suse.com/978828",[280],[287],{"url":537,"sources":538,"tags":539},"https://bugzilla.suse.com/978829",[280],[287],{"url":541,"sources":542,"tags":543},"https://bugzilla.suse.com/978830",[280],[287],{"url":545,"sources":546,"tags":547},"https://bugzilla.suse.com/980366",[280],[287],{"url":549,"sources":550,"tags":551},"https://bugzilla.suse.com/980373",[280],[287],{"url":553,"sources":554,"tags":555},"https://bugzilla.suse.com/980375",[280],[287],{"url":557,"sources":558,"tags":559},"https://bugzilla.suse.com/981050",[280],[287],{"url":561,"sources":562,"tags":563},"https://bugzilla.suse.com/982010",[280],[287],{"url":565,"sources":566,"tags":567},"https://bugzilla.suse.com/982011",[280],[287],{"url":569,"sources":570,"tags":571},"https://bugzilla.suse.com/982012",[280],[287],{"url":573,"sources":574,"tags":575},"https://bugzilla.suse.com/982013",[280],[287],{"url":577,"sources":578,"tags":579},"https://bugzilla.suse.com/982162",[280],[287],{"url":581,"sources":582,"tags":583},"https://www.suse.com/security/cve/CVE-2004-1019",[280],[584],"WEB",{"url":586,"sources":587,"tags":588},"https://www.suse.com/security/cve/CVE-2006-7243",[280],[584],{"url":590,"sources":591,"tags":592},"https://www.suse.com/security/cve/CVE-2014-0207",[280],[584],{"url":594,"sources":595,"tags":596},"https://www.suse.com/security/cve/CVE-2014-3478",[280],[584],{"url":598,"sources":599,"tags":600},"https://www.suse.com/security/cve/CVE-2014-3479",[280],[584],{"url":602,"sources":603,"tags":604},"https://www.suse.com/security/cve/CVE-2014-3480",[280],[584],{"url":606,"sources":607,"tags":608},"https://www.suse.com/security/cve/CVE-2014-3487",[280],[584],{"url":610,"sources":611,"tags":612},"https://www.suse.com/security/cve/CVE-2014-3515",[280],[584],{"url":614,"sources":615,"tags":616},"https://www.suse.com/security/cve/CVE-2014-3597",[280],[584],{"url":618,"sources":619,"tags":620},"https://www.suse.com/security/cve/CVE-2014-3668",[280],[584],{"url":622,"sources":623,"tags":624},"https://www.suse.com/security/cve/CVE-2014-3669",[280],[584],{"url":626,"sources":627,"tags":628},"https://www.suse.com/security/cve/CVE-2014-3670",[280],[584],{"url":630,"sources":631,"tags":632},"https://www.suse.com/security/cve/CVE-2014-4049",[280],[584],{"url":634,"sources":635,"tags":636},"https://www.suse.com/security/cve/CVE-2014-4670",[280],[584],{"url":638,"sources":639,"tags":640},"https://www.suse.com/security/cve/CVE-2014-4698",[280],[584],{"url":642,"sources":643,"tags":644},"https://www.suse.com/security/cve/CVE-2014-4721",[280],[584],{"url":646,"sources":647,"tags":648},"https://www.suse.com/security/cve/CVE-2014-5459",[280],[584],{"url":650,"sources":651,"tags":652},"https://www.suse.com/security/cve/CVE-2014-8142",[280],[584],{"url":654,"sources":655,"tags":656},"https://www.suse.com/security/cve/CVE-2014-9652",[280],[584],{"url":658,"sources":659,"tags":660},"https://www.suse.com/security/cve/CVE-2014-9705",[280],[584],{"url":662,"sources":663,"tags":664},"https://www.suse.com/security/cve/CVE-2014-9709",[280],[584],{"url":666,"sources":667,"tags":668},"https://www.suse.com/security/cve/CVE-2014-9767",[280],[584],{"url":670,"sources":671,"tags":672},"https://www.suse.com/security/cve/CVE-2015-0231",[280],[584],{"url":674,"sources":675,"tags":676},"https://www.suse.com/security/cve/CVE-2015-0232",[280],[584],{"url":678,"sources":679,"tags":680},"https://www.suse.com/security/cve/CVE-2015-0273",[280],[584],{"url":682,"sources":683,"tags":684},"https://www.suse.com/security/cve/CVE-2015-1352",[280],[584],{"url":686,"sources":687,"tags":688},"https://www.suse.com/security/cve/CVE-2015-2301",[280],[584],{"url":690,"sources":691,"tags":692},"https://www.suse.com/security/cve/CVE-2015-2305",[280],[584],{"url":694,"sources":695,"tags":696},"https://www.suse.com/security/cve/CVE-2015-2783",[280],[584],{"url":698,"sources":699,"tags":700},"https://www.suse.com/security/cve/CVE-2015-2787",[280],[584],{"url":702,"sources":703,"tags":704},"https://www.suse.com/security/cve/CVE-2015-3152",[280],[584],{"url":706,"sources":707,"tags":708},"https://www.suse.com/security/cve/CVE-2015-3329",[280],[584],{"url":710,"sources":711,"tags":712},"https://www.suse.com/security/cve/CVE-2015-3411",[280],[584],{"url":714,"sources":715,"tags":716},"https://www.suse.com/security/cve/CVE-2015-3412",[280],[584],{"url":718,"sources":719,"tags":720},"https://www.suse.com/security/cve/CVE-2015-4021",[280],[584],{"url":722,"sources":723,"tags":724},"https://www.suse.com/security/cve/CVE-2015-4022",[280],[584],{"url":726,"sources":727,"tags":728},"https://www.suse.com/security/cve/CVE-2015-4024",[280],[584],{"url":730,"sources":731,"tags":732},"https://www.suse.com/security/cve/CVE-2015-4026",[280],[584],{"url":734,"sources":735,"tags":736},"https://www.suse.com/security/cve/CVE-2015-4116",[280],[584],{"url":738,"sources":739,"tags":740},"https://www.suse.com/security/cve/CVE-2015-4148",[280],[584],{"url":742,"sources":743,"tags":744},"https://www.suse.com/security/cve/CVE-2015-4598",[280],[584],{"url":746,"sources":747,"tags":748},"https://www.suse.com/security/cve/CVE-2015-4599",[280],[584],{"url":750,"sources":751,"tags":752},"https://www.suse.com/security/cve/CVE-2015-4600",[280],[584],{"url":754,"sources":755,"tags":756},"https://www.suse.com/security/cve/CVE-2015-4601",[280],[584],{"url":758,"sources":759,"tags":760},"https://www.suse.com/security/cve/CVE-2015-4602",[280],[584],{"url":762,"sources":763,"tags":764},"https://www.suse.com/security/cve/CVE-2015-4603",[280],[584],{"url":766,"sources":767,"tags":768},"https://www.suse.com/security/cve/CVE-2015-4643",[280],[584],{"url":770,"sources":771,"tags":772},"https://www.suse.com/security/cve/CVE-2015-4644",[280],[584],{"url":774,"sources":775,"tags":776},"https://www.suse.com/security/cve/CVE-2015-5161",[280],[584],{"url":778,"sources":779,"tags":780},"https://www.suse.com/security/cve/CVE-2015-5589",[280],[584],{"url":782,"sources":783,"tags":784},"https://www.suse.com/security/cve/CVE-2015-5590",[280],[584],{"url":786,"sources":787,"tags":788},"https://www.suse.com/security/cve/CVE-2015-6831",[280],[584],{"url":790,"sources":791,"tags":792},"https://www.suse.com/security/cve/CVE-2015-6833",[280],[584],{"url":794,"sources":795,"tags":796},"https://www.suse.com/security/cve/CVE-2015-6836",[280],[584],{"url":798,"sources":799,"tags":800},"https://www.suse.com/security/cve/CVE-2015-6837",[280],[584],{"url":802,"sources":803,"tags":804},"https://www.suse.com/security/cve/CVE-2015-6838",[280],[584],{"url":806,"sources":807,"tags":808},"https://www.suse.com/security/cve/CVE-2015-7803",[280],[584],{"url":810,"sources":811,"tags":812},"https://www.suse.com/security/cve/CVE-2015-8835",[280],[584],{"url":814,"sources":815,"tags":816},"https://www.suse.com/security/cve/CVE-2015-8838",[280],[584],{"url":818,"sources":819,"tags":820},"https://www.suse.com/security/cve/CVE-2015-8866",[280],[584],{"url":822,"sources":823,"tags":824},"https://www.suse.com/security/cve/CVE-2015-8867",[280],[584],{"url":826,"sources":827,"tags":828},"https://www.suse.com/security/cve/CVE-2015-8873",[280],[584],{"url":830,"sources":831,"tags":832},"https://www.suse.com/security/cve/CVE-2015-8874",[280],[584],{"url":834,"sources":835,"tags":836},"https://www.suse.com/security/cve/CVE-2015-8879",[280],[584],{"url":838,"sources":839,"tags":840},"https://www.suse.com/security/cve/CVE-2016-2554",[280],[584],{"url":842,"sources":843,"tags":844},"https://www.suse.com/security/cve/CVE-2016-3141",[280],[584],{"url":846,"sources":847,"tags":848},"https://www.suse.com/security/cve/CVE-2016-3142",[280],[584],{"url":850,"sources":851,"tags":852},"https://www.suse.com/security/cve/CVE-2016-3185",[280],[584],{"url":854,"sources":855,"tags":856},"https://www.suse.com/security/cve/CVE-2016-4070",[280],[584],{"url":858,"sources":859,"tags":860},"https://www.suse.com/security/cve/CVE-2016-4073",[280],[584],{"url":862,"sources":863,"tags":864},"https://www.suse.com/security/cve/CVE-2016-4342",[280],[584],{"url":866,"sources":867,"tags":868},"https://www.suse.com/security/cve/CVE-2016-4346",[280],[584],{"url":870,"sources":871,"tags":872},"https://www.suse.com/security/cve/CVE-2016-4537",[280],[584],{"url":874,"sources":875,"tags":876},"https://www.suse.com/security/cve/CVE-2016-4538",[280],[584],{"url":878,"sources":879,"tags":880},"https://www.suse.com/security/cve/CVE-2016-4539",[280],[584],{"url":882,"sources":883,"tags":884},"https://www.suse.com/security/cve/CVE-2016-4540",[280],[584],{"url":886,"sources":887,"tags":888},"https://www.suse.com/security/cve/CVE-2016-4541",[280],[584],{"url":890,"sources":891,"tags":892},"https://www.suse.com/security/cve/CVE-2016-4542",[280],[584],{"url":894,"sources":895,"tags":896},"https://www.suse.com/security/cve/CVE-2016-4543",[280],[584],{"url":898,"sources":899,"tags":900},"https://www.suse.com/security/cve/CVE-2016-4544",[280],[584],{"url":902,"sources":903,"tags":904},"https://www.suse.com/security/cve/CVE-2016-5093",[280],[584],{"url":906,"sources":907,"tags":908},"https://www.suse.com/security/cve/CVE-2016-5094",[280],[584],{"url":910,"sources":911,"tags":912},"https://www.suse.com/security/cve/CVE-2016-5095",[280],[584],{"url":914,"sources":915,"tags":916},"https://www.suse.com/security/cve/CVE-2016-5096",[280],[584],{"url":918,"sources":919,"tags":920},"https://www.suse.com/security/cve/CVE-2016-5114",[280],[584],[],[],[],[925],{"ecosystem":926,"name":927,"vendor":928,"product":929,"cpe_part":9,"purl_type":930,"purl_namespace":928,"purl_name":929,"source":9,"versions":931},"SUSE Linux Enterprise","php53","suse","php53&distro=SUSE Linux Enterprise Server 11 SP2-LTSS","rpm",[932],{"version":933,"is_range":934,"range_type":935,"version_start":9,"version_start_type":9,"version_end":936,"version_end_type":937,"fixed_in":9},"lt5_3_17_47_1",true,"ecosystem","5.3.17-47.1","excluding"]