CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0650 – mysql: unspecified vulnerability in subcomponent: Server: Replication (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0650
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication. Vulnerabilidad no especificada en Oracle MySQL 5.5.47 y versiones anteriores, 5.6.28 y versiones anteriores y 5.7.10 y versiones anteriores y MariaDB en versiones anteriores a 5.5.48, 10.0.x en versiones anteriores a 10.0.24 y 10.1.x en versiones anteriores a 10.1.12 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con Replication. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http:&# •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0647 – mysql: unspecified vulnerability in subcomponent: Server: FTS (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0647
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con FTS. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http:&# •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2016-0648 – mysql: unspecified vulnerability in subcomponent: Server: PS (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0648
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS. Vulnerabilidad no especificada en Oracle MySQL 5.5.48 y versiones anteriores, 5.6.29 y versiones anteriores y 5.7.11 y versiones anteriores y MariaDB en versiones anteriores a 5.5.49, 10.0.x en versiones anteriores a 10.0.25 y 10.1.x en versiones anteriores a 10.1.14 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con PS. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http:&# •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2016-0644 – mysql: unspecified vulnerability in subcomponent: Server: DDL (CPU April 2016)
https://notcve.org/view.php?id=CVE-2016-0644
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL. Vulnerabilidad no especificada en Oracle MySQL 5.5.47 y versiones anteriores, 5.6.28 y versiones anteriores y 5.7.10 y versiones anteriores y MariaDB en versiones anteriores a 5.5.48, 10.0.x en versiones anteriores a 10.0.24 y 10.1.x en versiones anteriores a 10.1.12 permite a usuarios locales afectar la disponibilidad a través de vectores relacionados con DDL. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html http://rhn.redhat.com/errata/RHSA-2016-0705.html http:&# •
CVSS: 3.8EPSS: 0%CPEs: 33EXPL: 0CVE-2014-5240 – WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL
https://notcve.org/view.php?id=CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL. Vulnerabilidad de XSS en wp-includes/pluggable.php en WordPress anterior a 3.9.2, cuando Multisite está habilitado, permite a administradores remotos autenticados inyectar secuencias de comandos web o HTML, y obtener privilegios de super administración, a través de una URL avatar manipulada. • http://openwall.com/lists/oss-security/2014/08/13/3 http://www.debian.org/security/2014/dsa-3001 https://core.trac.wordpress.org/changeset/29398 https://wordpress.org/news/2014/08/wordpress-3-9-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •