CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-6161
https://notcve.org/view.php?id=CVE-2016-6161
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. La función de salida en gd_gif_out.c en GD Graphics Library (también conocida como libgd) permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) a través de una imagen manipulada. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://www.debian.org/security/2016/dsa-3619 http://www.openwall.com/lists/oss-security/2016/07/05/6 http://www.openwall.com/lists/oss-security/2016/07/05/7 http://www.ubuntu.com/usn/USN-3030-1 https://github.com/libgd/libgd/issues/209 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2016-6128 – gd: Invalid color index not properly handled
https://notcve.org/view.php?id=CVE-2016-6128
The gdImageCropThreshold function in gd_crop.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 7.0.9, allows remote attackers to cause a denial of service (application crash) via an invalid color index. La función gdImageCropThreshold en gd_crop.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.3, como se utiliza en PHP en versiones anteriores a 7.0.9, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un índice de color invalido. It was found that libgd did not properly handle invalid color indexes in GD files. An attacker who could submit a crafted GD file for conversion could cause applications using libgd to crash, leading to denial of service. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00086.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://rhn.redhat.com/errata/RHSA-2016-2750.html http://www.debian.org/security/2016/dsa-3619 http://www.openwall.com/lists/oss-security/2016/06/30/1 http://www.securityfocus.com/bid/91509 http://www.securitytracker.com/id/1036276 http://www.ubuntu.com/usn/USN-3030-1 https://bugs.php.net/72494 https://github.com/libgd/libgd/commi • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 49EXPL: 0CVE-2016-5116
https://notcve.org/view.php?id=CVE-2016-5116
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name. gd_xbm.c en la GD Graphics Library (también conocido como libgd) en versiones anteriores a 2.2.0, como se utiliza en ciertas configuraciones personalizadas PHP 5.5.x, permite a atacantes dependientes del contexto obtener información sensible del proceso de memoria o provocar una denegación de servicio (lectura debajo de desbordamiento de búfer basado en la pila y caída de aplicación) a través de un nombre largo. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00078.html http://www.debian.org/security/2016/dsa-3619 http://www.openwall.com/lists/oss-security/2016/05/29/5 http://www.ubuntu.com/usn/USN-3030-1 https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 https://github.com/libgd/libgd/issues/211 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5701
https://notcve.org/view.php?id=CVE-2016-5701
setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI. setup/frames/index.inc.php en phpMyAdmin 4.0.10.x en versiones anteriores a 4.0.10.16, 4.4.15.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permite a atacantes remotos llevar a cabo ataques de inyección BBCode contra sesiones HTTP a través de una URI manipulada. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html http://www.debian.org/security/2016/dsa-3627 http://www.securityfocus.com/bid/91383 https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-17 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 62EXPL: 0CVE-2016-5731
https://notcve.org/view.php?id=CVE-2016-5731
Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message. Vulnerabilidad de XSS en examples/openid.php en phpMyAdmin 4.0.x en versiones anteriores a 4.0.10.16, 4.4.x en versiones anteriores a 4.4.15.7 y 4.6.x en versiones anteriores a 4.6.3 permiten a atacantes remotos inyectar comandos de secuencias web o HTML arbitrarios a través de vectores relacionados con un error de mensaje OpenID. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00113.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00114.html http://www.debian.org/security/2016/dsa-3627 https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849570acfc6e48c https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc454888368b94ab https://security.gentoo.org/glsa/201701-32 https://www.phpmyadmin.net/security/PMASA-2016-24 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •