CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5731 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5731
03 Jul 2016 — Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. Vulnerabilidad de XSS en examples/openid.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar comandos de secuencias web o HTML... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5733 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5733
03 Jul 2016 — Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the ch... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 62EXPL: 0CVE-2016-5739 – Gentoo Linux Security Advisory 201701-32
https://notcve.org/view.php?id=CVE-2016-5739
03 Jul 2016 — The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php. La implementación de Transformation en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones an... • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-5301
https://notcve.org/view.php?id=CVE-2016-5301
30 Jun 2016 — The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. La función parse_chunk_header en libtorrent en versiones anteriores a 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de (1) una respuesta HTTP o posiblemente (2) una difusión UPnP manipuladas. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00079.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 12%CPEs: 6EXPL: 1CVE-2016-5770 – php: Int/size_t confusion in SplFileObject::fread
https://notcve.org/view.php?id=CVE-2016-5770
26 Jun 2016 — Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large integer argument, a related issue to CVE-2016-5096. Desbordamiento de entero en la función SplFileObject::fread en spl_directory.c en la extensión SPL en PHP en versiones anteriores a 5.5.37 y 5.6.x en versiones anteriores 5.6.23 permite a atacantes remotos provocar... • http://github.com/php/php-src/commit/7245bff300d3fa8bacbef7897ff080a6f1c23eba?w=1 • CWE-190: Integer Overflow or Wraparound CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 20%CPEs: 6EXPL: 1CVE-2016-5771 – php: Use After Free Vulnerability in PHP's GC algorithm and unserialize
https://notcve.org/view.php?id=CVE-2016-5771
26 Jun 2016 — spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. spl_array.c en la extension SPL en PHP en versiones anteriores a 5.5.37 y 5.6.x en versiones anteriores a 5.6.23 interactúa incorrectamente con la implementación no serializada y la recolección de bas... • http://github.com/php/php-src/commit/3f627e580acfdaf0595ae3b115b8bec677f203ee?w=1 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 24%CPEs: 9EXPL: 1CVE-2016-5772 – php: Double Free Corruption in wddx_deserialize
https://notcve.org/view.php?id=CVE-2016-5772
26 Jun 2016 — Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. Vulnerabilidad de liberación doble en la función php_wddx_process_data en wddx.c en la extensión WDDX en PHP en versiones anteriores a 5.5.37, 5.6.x en versiones anteriores a 5... • http://github.com/php/php-src/commit/a44c89e8af7c2410f4bfc5e097be2a5d0639a60c?w=1 • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2016-1704 – chromium-browser: various fixes from internal audits
https://notcve.org/view.php?id=CVE-2016-1704
21 Jun 2016 — Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome en versiones anteriores a 51.0.2704.103 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.103. S... • http://googlechromereleases.blogspot.com/2016/06/stable-channel-update_16.html •
CVSS: 9.3EPSS: 2%CPEs: 29EXPL: 0CVE-2016-4122 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4122
16 Jun 2016 — Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 29EXPL: 0CVE-2016-4123 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4123
16 Jun 2016 — Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos... • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html • CWE-787: Out-of-bounds Write •