Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-6606 (GCVE-0-2016-6606)
Vulnerability from cvelistv5 – Published: 2016-12-11 02:00 – Updated: 2024-08-06 01:36
VLAI?
EPSS
Summary
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name": "94114",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94114"
},
{
"name": "GLSA-201701-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-17T22:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name": "94114",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94114"
},
{
"name": "GLSA-201701-32",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-29",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name": "94114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94114"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6606",
"datePublished": "2016-12-11T02:00:00",
"dateReserved": "2016-08-06T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13CD0228-728B-437A-84C1-BD7AFA52FFB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFF55485-9892-4E7B-AEE0-017E61EAA7C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6100FE3E-0A31-4B55-90F2-90AF765A8EB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E06B1D3-29B4-45B7-B81F-C864AF579011\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B2E3923-0E2B-411A-B091-088E6FF050D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1848C748-804D-4FE4-AB9C-B1BF9E58A19C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12296322-DFAD-4B36-83EC-D01BF5DF7F2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA321C14-C8F4-41FC-B601-2F646064ABBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54DBCF86-0CE8-46C4-B2E7-E3224765CCFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BF3DBC5-7020-48D0-ADEA-E71776DB2285\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"317F952E-5F12-4ED3-8FA3-FC1106B50F85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87B97F98-C0A7-4D9E-8333-7EE9EC456A12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A1E753D-5653-4D7A-8E41-6C02511EBFCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"417230C7-0EC2-49F4-B810-A8AE84A302AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"103FEAB1-194E-4CEF-935A-4DBCCA298205\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5814003-9FF8-4F8E-9D90-A2BBB80B8451\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6D742A8-B9D0-4BC0-8E3E-E0FDCC1083FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16D28B77-9353-4259-9299-30638A78CCD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C022292B-6E06-4328-842F-135A872D22AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F15F00FB-BB9B-4D54-B198-0A74D418B8DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC10AF20-7B65-4FAE-A2AD-783867D60A8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BED20D9-C571-4BC5-9A54-450A364C6E43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36B92C51-B51B-4538-8A2A-102881F8024C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F06DC95-76B1-4E24-A55F-1358A25ED0E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CA76CB4-6167-446A-8D4F-6D5B38046334\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D28655-7F37-474D-A4E2-772AF24B94E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FA1951E-BD85-42BF-BF7F-79A14D165914\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D08BEE8-5ACF-438D-9F06-86C6227C9A5F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58DD0910-DBBA-4858-B9B1-FA93D08323D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50DA8EBE-52AA-45A5-A5FB-75AF84E415E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC8D93A3-8997-4EB9-A411-74B296D1341F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0245AF2D-F856-4CAA-A830-36D43026D1E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C69E253E-157D-45BA-A977-079A49F74A72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6325E2AE-BB86-4953-AA9E-0433C00B096E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C54B828-8B23-4C62-907E-8EE7E757B721\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02DD18C8-172B-41CD-87DD-58BDEC0D9418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10666E30-D98A-47A9-881A-B281066F0EC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3993826B-CA66-4BC2-8E1B-06CF9230B214\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14928F51-761E-4FCA-B13C-A11530C7FC46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB761644-20F5-4E0D-B301-7809EAECA813\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"896439D0-6C98-44A6-8C9D-0D57D57782D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"978B828C-1FCB-4386-B685-5BEE5A8A500C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51A3261B-23BE-42D7-8A52-AE2E8C274A3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0B7EA51-27EC-4884-8D60-FB9477D2B91A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40F85FEC-427E-487D-997E-7EE359475876\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C825978-7E00-4C20-A806-0B968AA589AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34986C36-1C93-4DA8-A4C2-0CB8B24BAD3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B744FB8F-C58C-446C-B4B9-53548EBE12D3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C641F362-D37D-47CB-BE6C-36E5F116F844\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85631B69-7060-42D1-AE24-466BA10EB390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E62EDC79-47AA-4CED-AB7F-1E4D158EB653\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0B800AA-6290-4032-AA17-21025A19C392\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en el cifrado de cookie en phpMyAdmin. El descifrado del nombre de usuario/contrase\\u00f1a es vulnerable a un ataque oracle de relleno. Esto puede permitir a un atacante que tenga acceso al archivo de cookies del usuario del navegador para descifrar el nombre de usuario y la contrase\\u00f1a. Adem\\u00e1s, se utiliza la el mismo vector de inicializaci\\u00f3n (IV) para hash del nombre de usuario y contrase\\u00f1a almacenados en la cookie de phpMyAdmin. Si un usuario tiene la misma contrase\\u00f1a que su nombre de usuario, un atacante que examine la cookie del navegador puede ver que son iguales, pero el atacante no puede decodificar directamente estos valores de la cookie ya que sigue siendo hash. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a 4.4.15.8) y versiones 4.0.x (anteriores a 4.0.10.17) est\\u00e1n afectadas.\"}]",
"id": "CVE-2016-6606",
"lastModified": "2024-11-21T02:56:25.760",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-12-11T02:59:10.420",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/94114\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-32\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.phpmyadmin.net/security/PMASA-2016-29\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94114\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201701-32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.phpmyadmin.net/security/PMASA-2016-29\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-6606\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-12-11T02:59:10.420\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en el cifrado de cookie en phpMyAdmin. El descifrado del nombre de usuario/contrase\u00f1a es vulnerable a un ataque oracle de relleno. Esto puede permitir a un atacante que tenga acceso al archivo de cookies del usuario del navegador para descifrar el nombre de usuario y la contrase\u00f1a. Adem\u00e1s, se utiliza la el mismo vector de inicializaci\u00f3n (IV) para hash del nombre de usuario y contrase\u00f1a almacenados en la cookie de phpMyAdmin. Si un usuario tiene la misma contrase\u00f1a que su nombre de usuario, un atacante que examine la cookie del navegador puede ver que son iguales, pero el atacante no puede decodificar directamente estos valores de la cookie ya que sigue siendo hash. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a 4.4.15.8) y versiones 4.0.x (anteriores a 4.0.10.17) est\u00e1n afectadas.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13CD0228-728B-437A-84C1-BD7AFA52FFB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFF55485-9892-4E7B-AEE0-017E61EAA7C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6100FE3E-0A31-4B55-90F2-90AF765A8EB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E06B1D3-29B4-45B7-B81F-C864AF579011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B2E3923-0E2B-411A-B091-088E6FF050D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1848C748-804D-4FE4-AB9C-B1BF9E58A19C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12296322-DFAD-4B36-83EC-D01BF5DF7F2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA321C14-C8F4-41FC-B601-2F646064ABBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54DBCF86-0CE8-46C4-B2E7-E3224765CCFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BF3DBC5-7020-48D0-ADEA-E71776DB2285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"317F952E-5F12-4ED3-8FA3-FC1106B50F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87B97F98-C0A7-4D9E-8333-7EE9EC456A12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A1E753D-5653-4D7A-8E41-6C02511EBFCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"417230C7-0EC2-49F4-B810-A8AE84A302AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"103FEAB1-194E-4CEF-935A-4DBCCA298205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5814003-9FF8-4F8E-9D90-A2BBB80B8451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6D742A8-B9D0-4BC0-8E3E-E0FDCC1083FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D28B77-9353-4259-9299-30638A78CCD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C022292B-6E06-4328-842F-135A872D22AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F15F00FB-BB9B-4D54-B198-0A74D418B8DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC10AF20-7B65-4FAE-A2AD-783867D60A8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BED20D9-C571-4BC5-9A54-450A364C6E43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36B92C51-B51B-4538-8A2A-102881F8024C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F06DC95-76B1-4E24-A55F-1358A25ED0E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CA76CB4-6167-446A-8D4F-6D5B38046334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D28655-7F37-474D-A4E2-772AF24B94E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FA1951E-BD85-42BF-BF7F-79A14D165914\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D08BEE8-5ACF-438D-9F06-86C6227C9A5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58DD0910-DBBA-4858-B9B1-FA93D08323D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50DA8EBE-52AA-45A5-A5FB-75AF84E415E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC8D93A3-8997-4EB9-A411-74B296D1341F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0245AF2D-F856-4CAA-A830-36D43026D1E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C69E253E-157D-45BA-A977-079A49F74A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6325E2AE-BB86-4953-AA9E-0433C00B096E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C54B828-8B23-4C62-907E-8EE7E757B721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02DD18C8-172B-41CD-87DD-58BDEC0D9418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10666E30-D98A-47A9-881A-B281066F0EC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3993826B-CA66-4BC2-8E1B-06CF9230B214\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14928F51-761E-4FCA-B13C-A11530C7FC46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB761644-20F5-4E0D-B301-7809EAECA813\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"896439D0-6C98-44A6-8C9D-0D57D57782D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"978B828C-1FCB-4386-B685-5BEE5A8A500C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51A3261B-23BE-42D7-8A52-AE2E8C274A3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0B7EA51-27EC-4884-8D60-FB9477D2B91A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F85FEC-427E-487D-997E-7EE359475876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C825978-7E00-4C20-A806-0B968AA589AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34986C36-1C93-4DA8-A4C2-0CB8B24BAD3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B744FB8F-C58C-446C-B4B9-53548EBE12D3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C641F362-D37D-47CB-BE6C-36E5F116F844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85631B69-7060-42D1-AE24-466BA10EB390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E62EDC79-47AA-4CED-AB7F-1E4D158EB653\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0B800AA-6290-4032-AA17-21025A19C392\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94114\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201701-32\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.phpmyadmin.net/security/PMASA-2016-29\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94114\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201701-32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.phpmyadmin.net/security/PMASA-2016-29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
OPENSUSE-SU-2024:10054-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
phpMyAdmin-4.6.5.2-1.1 on GA media
Notes
Title of the patch
phpMyAdmin-4.6.5.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the phpMyAdmin-4.6.5.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10054
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "phpMyAdmin-4.6.5.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the phpMyAdmin-4.6.5.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10054",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10054-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4107 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4634 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4634/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4780 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2011-4782 page",
"url": "https://www.suse.com/security/cve/CVE-2011-4782/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-4219 page",
"url": "https://www.suse.com/security/cve/CVE-2012-4219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-4345 page",
"url": "https://www.suse.com/security/cve/CVE-2012-4345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-5339 page",
"url": "https://www.suse.com/security/cve/CVE-2012-5339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-5368 page",
"url": "https://www.suse.com/security/cve/CVE-2012-5368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-1937 page",
"url": "https://www.suse.com/security/cve/CVE-2013-1937/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-3238 page",
"url": "https://www.suse.com/security/cve/CVE-2013-3238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-3239 page",
"url": "https://www.suse.com/security/cve/CVE-2013-3239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-3240 page",
"url": "https://www.suse.com/security/cve/CVE-2013-3240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-3241 page",
"url": "https://www.suse.com/security/cve/CVE-2013-3241/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-3242 page",
"url": "https://www.suse.com/security/cve/CVE-2013-3242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4729 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4995 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4996 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4997 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4998 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-4999 page",
"url": "https://www.suse.com/security/cve/CVE-2013-4999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5000 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5001 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5002 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5002/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5003 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-5029 page",
"url": "https://www.suse.com/security/cve/CVE-2013-5029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-1879 page",
"url": "https://www.suse.com/security/cve/CVE-2014-1879/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4348 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4349 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4954 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4955 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4986 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-4987 page",
"url": "https://www.suse.com/security/cve/CVE-2014-4987/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-5273 page",
"url": "https://www.suse.com/security/cve/CVE-2014-5273/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-5274 page",
"url": "https://www.suse.com/security/cve/CVE-2014-5274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-6300 page",
"url": "https://www.suse.com/security/cve/CVE-2014-6300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7217 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7217/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8326 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8958 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8959 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8960 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-8961 page",
"url": "https://www.suse.com/security/cve/CVE-2014-8961/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9218 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-9219 page",
"url": "https://www.suse.com/security/cve/CVE-2014-9219/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-2206 page",
"url": "https://www.suse.com/security/cve/CVE-2015-2206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3902 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-3903 page",
"url": "https://www.suse.com/security/cve/CVE-2015-3903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-6830 page",
"url": "https://www.suse.com/security/cve/CVE-2015-6830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-7873 page",
"url": "https://www.suse.com/security/cve/CVE-2015-7873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8669 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8669/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1927 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2038 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2039 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2040 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2040/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2041 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2042 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2043 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2044 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2044/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2045 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2559 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2560 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2561 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2561/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-2562 page",
"url": "https://www.suse.com/security/cve/CVE-2016-2562/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5097 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5099 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5701 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5701/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5702 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5703 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5703/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5704 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5704/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5705 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5705/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5706 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5706/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5730 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5731 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5732 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5733 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5734 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5739 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6606 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6607 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6608 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6609 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6610 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6611 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6612 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6613 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6614 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6615 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6616 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6617 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6618 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6619 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6620 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6621 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6622 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6623 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6624 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6625 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6626 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6627 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6628 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6629 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6630 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6630/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6631 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6631/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6632 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6632/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-6633 page",
"url": "https://www.suse.com/security/cve/CVE-2016-6633/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9847 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9848 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9849 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9850 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9851 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9851/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9852 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9853 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9854 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9855 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9856 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9857 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9858 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9859 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9860 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9861 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9862 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9863 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9864 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9865 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9866 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9866/"
}
],
"title": "phpMyAdmin-4.6.5.2-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10054-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-4.6.5.2-1.1.aarch64",
"product": {
"name": "phpMyAdmin-4.6.5.2-1.1.aarch64",
"product_id": "phpMyAdmin-4.6.5.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-4.6.5.2-1.1.ppc64le",
"product": {
"name": "phpMyAdmin-4.6.5.2-1.1.ppc64le",
"product_id": "phpMyAdmin-4.6.5.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-4.6.5.2-1.1.s390x",
"product": {
"name": "phpMyAdmin-4.6.5.2-1.1.s390x",
"product_id": "phpMyAdmin-4.6.5.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "phpMyAdmin-4.6.5.2-1.1.x86_64",
"product": {
"name": "phpMyAdmin-4.6.5.2-1.1.x86_64",
"product_id": "phpMyAdmin-4.6.5.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-4.6.5.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64"
},
"product_reference": "phpMyAdmin-4.6.5.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-4.6.5.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le"
},
"product_reference": "phpMyAdmin-4.6.5.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-4.6.5.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x"
},
"product_reference": "phpMyAdmin-4.6.5.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "phpMyAdmin-4.6.5.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
},
"product_reference": "phpMyAdmin-4.6.5.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-4107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4107"
}
],
"notes": [
{
"category": "general",
"text": "The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4107",
"url": "https://www.suse.com/security/cve/CVE-2011-4107"
},
{
"category": "external",
"summary": "SUSE Bug 728243 for CVE-2011-4107",
"url": "https://bugzilla.suse.com/728243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-4107"
},
{
"cve": "CVE-2011-4634",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4634"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4634",
"url": "https://www.suse.com/security/cve/CVE-2011-4634"
},
{
"category": "external",
"summary": "SUSE Bug 736772 for CVE-2011-4634",
"url": "https://bugzilla.suse.com/736772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-4634"
},
{
"cve": "CVE-2011-4780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4780"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4780",
"url": "https://www.suse.com/security/cve/CVE-2011-4780"
},
{
"category": "external",
"summary": "SUSE Bug 738411 for CVE-2011-4780",
"url": "https://bugzilla.suse.com/738411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-4780"
},
{
"cve": "CVE-2011-4782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2011-4782"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2011-4782",
"url": "https://www.suse.com/security/cve/CVE-2011-4782"
},
{
"category": "external",
"summary": "SUSE Bug 738411 for CVE-2011-4782",
"url": "https://bugzilla.suse.com/738411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2011-4782"
},
{
"cve": "CVE-2012-4219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-4219"
}
],
"notes": [
{
"category": "general",
"text": "show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-4219",
"url": "https://www.suse.com/security/cve/CVE-2012-4219"
},
{
"category": "external",
"summary": "SUSE Bug 776698 for CVE-2012-4219",
"url": "https://bugzilla.suse.com/776698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-4219"
},
{
"cve": "CVE-2012-4345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-4345"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-4345",
"url": "https://www.suse.com/security/cve/CVE-2012-4345"
},
{
"category": "external",
"summary": "SUSE Bug 776701 for CVE-2012-4345",
"url": "https://bugzilla.suse.com/776701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-4345"
},
{
"cve": "CVE-2012-5339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-5339"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-5339",
"url": "https://www.suse.com/security/cve/CVE-2012-5339"
},
{
"category": "external",
"summary": "SUSE Bug 788103 for CVE-2012-5339",
"url": "https://bugzilla.suse.com/788103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2012-5339"
},
{
"cve": "CVE-2012-5368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-5368"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-5368",
"url": "https://www.suse.com/security/cve/CVE-2012-5368"
},
{
"category": "external",
"summary": "SUSE Bug 788103 for CVE-2012-5368",
"url": "https://bugzilla.suse.com/788103"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-5368"
},
{
"cve": "CVE-2013-1937",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-1937"
}
],
"notes": [
{
"category": "general",
"text": "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. NOTE: a third party reports that this is \"not exploitable.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-1937",
"url": "https://www.suse.com/security/cve/CVE-2013-1937"
},
{
"category": "external",
"summary": "SUSE Bug 814678 for CVE-2013-1937",
"url": "https://bugzilla.suse.com/814678"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-1937"
},
{
"cve": "CVE-2013-3238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-3238"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\\x00 sequence, which is not properly handled before making a preg_replace function call within the \"Replace table prefix\" feature.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-3238",
"url": "https://www.suse.com/security/cve/CVE-2013-3238"
},
{
"category": "external",
"summary": "SUSE Bug 824301 for CVE-2013-3238",
"url": "https://bugzilla.suse.com/824301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-3238"
},
{
"cve": "CVE-2013-3239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-3239"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-3239",
"url": "https://www.suse.com/security/cve/CVE-2013-3239"
},
{
"category": "external",
"summary": "SUSE Bug 824302 for CVE-2013-3239",
"url": "https://bugzilla.suse.com/824302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-3239"
},
{
"cve": "CVE-2013-3240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-3240"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-3240",
"url": "https://www.suse.com/security/cve/CVE-2013-3240"
},
{
"category": "external",
"summary": "SUSE Bug 824304 for CVE-2013-3240",
"url": "https://bugzilla.suse.com/824304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-3240"
},
{
"cve": "CVE-2013-3241",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-3241"
}
],
"notes": [
{
"category": "general",
"text": "export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-3241",
"url": "https://www.suse.com/security/cve/CVE-2013-3241"
},
{
"category": "external",
"summary": "SUSE Bug 824305 for CVE-2013-3241",
"url": "https://bugzilla.suse.com/824305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2013-3241"
},
{
"cve": "CVE-2013-3242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-3242"
}
],
"notes": [
{
"category": "general",
"text": "plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-3242",
"url": "https://www.suse.com/security/cve/CVE-2013-3242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-3242"
},
{
"cve": "CVE-2013-4729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4729"
}
],
"notes": [
{
"category": "general",
"text": "import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4729",
"url": "https://www.suse.com/security/cve/CVE-2013-4729"
},
{
"category": "external",
"summary": "SUSE Bug 828319 for CVE-2013-4729",
"url": "https://bugzilla.suse.com/828319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4729"
},
{
"cve": "CVE-2013-4995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4995"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4995",
"url": "https://www.suse.com/security/cve/CVE-2013-4995"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-4995",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4995"
},
{
"cve": "CVE-2013-4996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4996"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4996",
"url": "https://www.suse.com/security/cve/CVE-2013-4996"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-4996",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4996"
},
{
"cve": "CVE-2013-4997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4997"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4997",
"url": "https://www.suse.com/security/cve/CVE-2013-4997"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-4997",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4997"
},
{
"cve": "CVE-2013-4998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4998"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4998",
"url": "https://www.suse.com/security/cve/CVE-2013-4998"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-4998",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4998"
},
{
"cve": "CVE-2013-4999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-4999"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-4999",
"url": "https://www.suse.com/security/cve/CVE-2013-4999"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-4999",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-4999"
},
{
"cve": "CVE-2013-5000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5000"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5000",
"url": "https://www.suse.com/security/cve/CVE-2013-5000"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-5000",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5000"
},
{
"cve": "CVE-2013-5001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5001"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5001",
"url": "https://www.suse.com/security/cve/CVE-2013-5001"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-5001",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2013-5001"
},
{
"cve": "CVE-2013-5002",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5002"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5002",
"url": "https://www.suse.com/security/cve/CVE-2013-5002"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-5002",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5002"
},
{
"cve": "CVE-2013-5003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5003"
}
],
"notes": [
{
"category": "general",
"text": "Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5003",
"url": "https://www.suse.com/security/cve/CVE-2013-5003"
},
{
"category": "external",
"summary": "SUSE Bug 843671 for CVE-2013-5003",
"url": "https://bugzilla.suse.com/843671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5003"
},
{
"cve": "CVE-2013-5029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-5029"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-5029",
"url": "https://www.suse.com/security/cve/CVE-2013-5029"
},
{
"category": "external",
"summary": "SUSE Bug 833731 for CVE-2013-5029",
"url": "https://bugzilla.suse.com/833731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2013-5029"
},
{
"cve": "CVE-2014-1879",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-1879"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-1879",
"url": "https://www.suse.com/security/cve/CVE-2014-1879"
},
{
"category": "external",
"summary": "SUSE Bug 864917 for CVE-2014-1879",
"url": "https://bugzilla.suse.com/864917"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-1879"
},
{
"cve": "CVE-2014-4348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4348"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4348",
"url": "https://www.suse.com/security/cve/CVE-2014-4348"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-4348",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-4348",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-4348"
},
{
"cve": "CVE-2014-4349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4349"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4349",
"url": "https://www.suse.com/security/cve/CVE-2014-4349"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-4349",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-4349",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4349"
},
{
"cve": "CVE-2014-4954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4954"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4954",
"url": "https://www.suse.com/security/cve/CVE-2014-4954"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-4954",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-4954",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-4954"
},
{
"cve": "CVE-2014-4955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4955"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4955",
"url": "https://www.suse.com/security/cve/CVE-2014-4955"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-4955",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-4955",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-4955"
},
{
"cve": "CVE-2014-4986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4986"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4986",
"url": "https://www.suse.com/security/cve/CVE-2014-4986"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-4986",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-4986",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-4986"
},
{
"cve": "CVE-2014-4987",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-4987"
}
],
"notes": [
{
"category": "general",
"text": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-4987",
"url": "https://www.suse.com/security/cve/CVE-2014-4987"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-4987",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-4987",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-4987"
},
{
"cve": "CVE-2014-5273",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-5273"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-5273",
"url": "https://www.suse.com/security/cve/CVE-2014-5273"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-5273",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-5273",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-5273"
},
{
"cve": "CVE-2014-5274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-5274"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-5274",
"url": "https://www.suse.com/security/cve/CVE-2014-5274"
},
{
"category": "external",
"summary": "SUSE Bug 892310 for CVE-2014-5274",
"url": "https://bugzilla.suse.com/892310"
},
{
"category": "external",
"summary": "SUSE Bug 892401 for CVE-2014-5274",
"url": "https://bugzilla.suse.com/892401"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-5274"
},
{
"cve": "CVE-2014-6300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-6300"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-6300",
"url": "https://www.suse.com/security/cve/CVE-2014-6300"
},
{
"category": "external",
"summary": "SUSE Bug 896635 for CVE-2014-6300",
"url": "https://bugzilla.suse.com/896635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-6300"
},
{
"cve": "CVE-2014-7217",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7217"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7217",
"url": "https://www.suse.com/security/cve/CVE-2014-7217"
},
{
"category": "external",
"summary": "SUSE Bug 899452 for CVE-2014-7217",
"url": "https://bugzilla.suse.com/899452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-7217"
},
{
"cve": "CVE-2014-8326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8326"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8326",
"url": "https://www.suse.com/security/cve/CVE-2014-8326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8326"
},
{
"cve": "CVE-2014-8958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8958"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8958",
"url": "https://www.suse.com/security/cve/CVE-2014-8958"
},
{
"category": "external",
"summary": "SUSE Bug 906485 for CVE-2014-8958",
"url": "https://bugzilla.suse.com/906485"
},
{
"category": "external",
"summary": "SUSE Bug 908363 for CVE-2014-8958",
"url": "https://bugzilla.suse.com/908363"
},
{
"category": "external",
"summary": "SUSE Bug 908364 for CVE-2014-8958",
"url": "https://bugzilla.suse.com/908364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8958"
},
{
"cve": "CVE-2014-8959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8959"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8959",
"url": "https://www.suse.com/security/cve/CVE-2014-8959"
},
{
"category": "external",
"summary": "SUSE Bug 906486 for CVE-2014-8959",
"url": "https://bugzilla.suse.com/906486"
},
{
"category": "external",
"summary": "SUSE Bug 908363 for CVE-2014-8959",
"url": "https://bugzilla.suse.com/908363"
},
{
"category": "external",
"summary": "SUSE Bug 908364 for CVE-2014-8959",
"url": "https://bugzilla.suse.com/908364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-8959"
},
{
"cve": "CVE-2014-8960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8960"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8960",
"url": "https://www.suse.com/security/cve/CVE-2014-8960"
},
{
"category": "external",
"summary": "SUSE Bug 906487 for CVE-2014-8960",
"url": "https://bugzilla.suse.com/906487"
},
{
"category": "external",
"summary": "SUSE Bug 908363 for CVE-2014-8960",
"url": "https://bugzilla.suse.com/908363"
},
{
"category": "external",
"summary": "SUSE Bug 908364 for CVE-2014-8960",
"url": "https://bugzilla.suse.com/908364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-8960"
},
{
"cve": "CVE-2014-8961",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-8961"
}
],
"notes": [
{
"category": "general",
"text": "Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file\u0027s line count via a crafted parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-8961",
"url": "https://www.suse.com/security/cve/CVE-2014-8961"
},
{
"category": "external",
"summary": "SUSE Bug 906488 for CVE-2014-8961",
"url": "https://bugzilla.suse.com/906488"
},
{
"category": "external",
"summary": "SUSE Bug 908363 for CVE-2014-8961",
"url": "https://bugzilla.suse.com/908363"
},
{
"category": "external",
"summary": "SUSE Bug 908364 for CVE-2014-8961",
"url": "https://bugzilla.suse.com/908364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2014-8961"
},
{
"cve": "CVE-2014-9218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9218"
}
],
"notes": [
{
"category": "general",
"text": "libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9218",
"url": "https://www.suse.com/security/cve/CVE-2014-9218"
},
{
"category": "external",
"summary": "SUSE Bug 908363 for CVE-2014-9218",
"url": "https://bugzilla.suse.com/908363"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-9218"
},
{
"cve": "CVE-2014-9219",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-9219"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-9219",
"url": "https://www.suse.com/security/cve/CVE-2014-9219"
},
{
"category": "external",
"summary": "SUSE Bug 908364 for CVE-2014-9219",
"url": "https://bugzilla.suse.com/908364"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-9219"
},
{
"cve": "CVE-2015-2206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-2206"
}
],
"notes": [
{
"category": "general",
"text": "libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-2206",
"url": "https://www.suse.com/security/cve/CVE-2015-2206"
},
{
"category": "external",
"summary": "SUSE Bug 920773 for CVE-2015-2206",
"url": "https://bugzilla.suse.com/920773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-2206"
},
{
"cve": "CVE-2015-3902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3902"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3902",
"url": "https://www.suse.com/security/cve/CVE-2015-3902"
},
{
"category": "external",
"summary": "SUSE Bug 930992 for CVE-2015-3902",
"url": "https://bugzilla.suse.com/930992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3902"
},
{
"cve": "CVE-2015-3903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-3903"
}
],
"notes": [
{
"category": "general",
"text": "libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-3903",
"url": "https://www.suse.com/security/cve/CVE-2015-3903"
},
{
"category": "external",
"summary": "SUSE Bug 930993 for CVE-2015-3903",
"url": "https://bugzilla.suse.com/930993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-3903"
},
{
"cve": "CVE-2015-6830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-6830"
}
],
"notes": [
{
"category": "general",
"text": "libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allows remote attackers to bypass a multiple-reCaptcha protection mechanism against brute-force credential guessing by providing a correct response to a single reCaptcha.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-6830",
"url": "https://www.suse.com/security/cve/CVE-2015-6830"
},
{
"category": "external",
"summary": "SUSE Bug 945420 for CVE-2015-6830",
"url": "https://bugzilla.suse.com/945420"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-6830"
},
{
"cve": "CVE-2015-7873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-7873"
}
],
"notes": [
{
"category": "general",
"text": "The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-7873",
"url": "https://www.suse.com/security/cve/CVE-2015-7873"
},
{
"category": "external",
"summary": "SUSE Bug 951960 for CVE-2015-7873",
"url": "https://bugzilla.suse.com/951960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-7873"
},
{
"cve": "CVE-2015-8669",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8669"
}
],
"notes": [
{
"category": "general",
"text": "libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8669",
"url": "https://www.suse.com/security/cve/CVE-2015-8669"
},
{
"category": "external",
"summary": "SUSE Bug 960282 for CVE-2015-8669",
"url": "https://bugzilla.suse.com/960282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-8669"
},
{
"cve": "CVE-2016-1927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1927"
}
],
"notes": [
{
"category": "general",
"text": "The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1927",
"url": "https://www.suse.com/security/cve/CVE-2016-1927"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-1927",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1927"
},
{
"cve": "CVE-2016-2038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2038"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2038",
"url": "https://www.suse.com/security/cve/CVE-2016-2038"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2038",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2038"
},
{
"cve": "CVE-2016-2039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2039"
}
],
"notes": [
{
"category": "general",
"text": "libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2039",
"url": "https://www.suse.com/security/cve/CVE-2016-2039"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2039",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2039"
},
{
"cve": "CVE-2016-2040",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2040"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) table name, (2) SET value, (3) search query, or (4) hostname in a Location header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2040",
"url": "https://www.suse.com/security/cve/CVE-2016-2040"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2040",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2040"
},
{
"cve": "CVE-2016-2041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2041"
}
],
"notes": [
{
"category": "general",
"text": "libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2041",
"url": "https://www.suse.com/security/cve/CVE-2016-2041"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2041",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2041"
},
{
"cve": "CVE-2016-2042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2042"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2042",
"url": "https://www.suse.com/security/cve/CVE-2016-2042"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2042",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2042"
},
{
"cve": "CVE-2016-2043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2043"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2043",
"url": "https://www.suse.com/security/cve/CVE-2016-2043"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2043",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2043"
},
{
"cve": "CVE-2016-2044",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2044"
}
],
"notes": [
{
"category": "general",
"text": "libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2044",
"url": "https://www.suse.com/security/cve/CVE-2016-2044"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2044",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2044"
},
{
"cve": "CVE-2016-2045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2045"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2045",
"url": "https://www.suse.com/security/cve/CVE-2016-2045"
},
{
"category": "external",
"summary": "SUSE Bug 964024 for CVE-2016-2045",
"url": "https://bugzilla.suse.com/964024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-2045"
},
{
"cve": "CVE-2016-2559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2559"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2559",
"url": "https://www.suse.com/security/cve/CVE-2016-2559"
},
{
"category": "external",
"summary": "SUSE Bug 968940 for CVE-2016-2559",
"url": "https://bugzilla.suse.com/968940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-2559"
},
{
"cve": "CVE-2016-2560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2560"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2560",
"url": "https://www.suse.com/security/cve/CVE-2016-2560"
},
{
"category": "external",
"summary": "SUSE Bug 968938 for CVE-2016-2560",
"url": "https://bugzilla.suse.com/968938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-2560"
},
{
"cve": "CVE-2016-2561",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2561"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2561",
"url": "https://www.suse.com/security/cve/CVE-2016-2561"
},
{
"category": "external",
"summary": "SUSE Bug 968941 for CVE-2016-2561",
"url": "https://bugzilla.suse.com/968941"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-2561"
},
{
"cve": "CVE-2016-2562",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-2562"
}
],
"notes": [
{
"category": "general",
"text": "The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-2562",
"url": "https://www.suse.com/security/cve/CVE-2016-2562"
},
{
"category": "external",
"summary": "SUSE Bug 968928 for CVE-2016-2562",
"url": "https://bugzilla.suse.com/968928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-2562"
},
{
"cve": "CVE-2016-5097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5097"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5097",
"url": "https://www.suse.com/security/cve/CVE-2016-5097"
},
{
"category": "external",
"summary": "SUSE Bug 982126 for CVE-2016-5097",
"url": "https://bugzilla.suse.com/982126"
},
{
"category": "external",
"summary": "SUSE Bug 982128 for CVE-2016-5097",
"url": "https://bugzilla.suse.com/982128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5097"
},
{
"cve": "CVE-2016-5099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5099"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5099",
"url": "https://www.suse.com/security/cve/CVE-2016-5099"
},
{
"category": "external",
"summary": "SUSE Bug 982126 for CVE-2016-5099",
"url": "https://bugzilla.suse.com/982126"
},
{
"category": "external",
"summary": "SUSE Bug 982128 for CVE-2016-5099",
"url": "https://bugzilla.suse.com/982128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5099"
},
{
"cve": "CVE-2016-5701",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5701"
}
],
"notes": [
{
"category": "general",
"text": "setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5701",
"url": "https://www.suse.com/security/cve/CVE-2016-5701"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5701",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5701"
},
{
"cve": "CVE-2016-5702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5702"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5702",
"url": "https://www.suse.com/security/cve/CVE-2016-5702"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5702",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5702"
},
{
"cve": "CVE-2016-5703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5703"
}
],
"notes": [
{
"category": "general",
"text": "SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5703",
"url": "https://www.suse.com/security/cve/CVE-2016-5703"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5703",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5703"
},
{
"cve": "CVE-2016-5704",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5704"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5704",
"url": "https://www.suse.com/security/cve/CVE-2016-5704"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5704",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5704"
},
{
"cve": "CVE-2016-5705",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5705"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an \"invalid JSON\" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5705",
"url": "https://www.suse.com/security/cve/CVE-2016-5705"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5705",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5705"
},
{
"cve": "CVE-2016-5706",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5706"
}
],
"notes": [
{
"category": "general",
"text": "js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5706",
"url": "https://www.suse.com/security/cve/CVE-2016-5706"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5706",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5706"
},
{
"cve": "CVE-2016-5730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5730"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5730",
"url": "https://www.suse.com/security/cve/CVE-2016-5730"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5730",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5730"
},
{
"cve": "CVE-2016-5731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5731"
}
],
"notes": [
{
"category": "general",
"text": "Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5731",
"url": "https://www.suse.com/security/cve/CVE-2016-5731"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5731",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5731"
},
{
"cve": "CVE-2016-5732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5732"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5732",
"url": "https://www.suse.com/security/cve/CVE-2016-5732"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5732",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5732"
},
{
"cve": "CVE-2016-5733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5733"
}
],
"notes": [
{
"category": "general",
"text": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5733",
"url": "https://www.suse.com/security/cve/CVE-2016-5733"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5733",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5733"
},
{
"cve": "CVE-2016-5734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5734"
}
],
"notes": [
{
"category": "general",
"text": "phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5734",
"url": "https://www.suse.com/security/cve/CVE-2016-5734"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5734",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5734"
},
{
"cve": "CVE-2016-5739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5739"
}
],
"notes": [
{
"category": "general",
"text": "The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5739",
"url": "https://www.suse.com/security/cve/CVE-2016-5739"
},
{
"category": "external",
"summary": "SUSE Bug 986154 for CVE-2016-5739",
"url": "https://bugzilla.suse.com/986154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-5739"
},
{
"cve": "CVE-2016-6606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6606"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6606",
"url": "https://www.suse.com/security/cve/CVE-2016-6606"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6606",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6606"
},
{
"cve": "CVE-2016-6607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6607"
}
],
"notes": [
{
"category": "general",
"text": "XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are not properly escaped and can be used to trigger an XSS attack); Relation view; the following Transformations: Formatted, Imagelink, JPEG: Upload, RegexValidation, JPEG inline, PNG inline, and transformation wrapper; XML export; MediaWiki export; Designer; When the MySQL server is running with a specially-crafted log_bin directive; Database tab; Replication feature; and Database search. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6607",
"url": "https://www.suse.com/security/cve/CVE-2016-6607"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6607",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6607"
},
{
"cve": "CVE-2016-6608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6608"
}
],
"notes": [
{
"category": "general",
"text": "XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the \"Remove partitioning\" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6608",
"url": "https://www.suse.com/security/cve/CVE-2016-6608"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6608",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6608"
},
{
"cve": "CVE-2016-6609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6609"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6609",
"url": "https://www.suse.com/security/cve/CVE-2016-6609"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6609",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6609"
},
{
"cve": "CVE-2016-6610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6610"
}
],
"notes": [
{
"category": "general",
"text": "A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6610",
"url": "https://www.suse.com/security/cve/CVE-2016-6610"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6610",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6610"
},
{
"cve": "CVE-2016-6611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6611"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6611",
"url": "https://www.suse.com/security/cve/CVE-2016-6611"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6611",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6611"
},
{
"cve": "CVE-2016-6612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6612"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6612",
"url": "https://www.suse.com/security/cve/CVE-2016-6612"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6612",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6612"
},
{
"cve": "CVE-2016-6613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6613"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6613",
"url": "https://www.suse.com/security/cve/CVE-2016-6613"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6613",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6613"
},
{
"cve": "CVE-2016-6614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6614"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin involving the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6614",
"url": "https://www.suse.com/security/cve/CVE-2016-6614"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6614",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6614"
},
{
"cve": "CVE-2016-6615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6615"
}
],
"notes": [
{
"category": "general",
"text": "XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the \"Tracking\" feature (a specially-crafted query can be used to trigger an XSS attack); and GIS visualization feature. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6615",
"url": "https://www.suse.com/security/cve/CVE-2016-6615"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6615",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6615"
},
{
"cve": "CVE-2016-6616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6616"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. In the \"User group\" and \"Designer\" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6616",
"url": "https://www.suse.com/security/cve/CVE-2016-6616"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6616",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6616"
},
{
"cve": "CVE-2016-6617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6617"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6617",
"url": "https://www.suse.com/security/cve/CVE-2016-6617"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6617",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6617"
},
{
"cve": "CVE-2016-6618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6618"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. The transformation feature allows a user to trigger a denial-of-service (DoS) attack against the server. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6618",
"url": "https://www.suse.com/security/cve/CVE-2016-6618"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6618",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6618"
},
{
"cve": "CVE-2016-6619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6619"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6619",
"url": "https://www.suse.com/security/cve/CVE-2016-6619"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6619",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6619"
},
{
"cve": "CVE-2016-6620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6620"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize() function without verification that it\u0027s valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6620",
"url": "https://www.suse.com/security/cve/CVE-2016-6620"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6620",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6620"
},
{
"cve": "CVE-2016-6621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6621"
}
],
"notes": [
{
"category": "general",
"text": "The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6621",
"url": "https://www.suse.com/security/cve/CVE-2016-6621"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6621",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-6621"
},
{
"cve": "CVE-2016-6622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6622"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service (DoS) attack by forcing persistent connections when phpMyAdmin is running with $cfg[\u0027AllowArbitraryServer\u0027]=true. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6622",
"url": "https://www.suse.com/security/cve/CVE-2016-6622"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6622",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6622"
},
{
"cve": "CVE-2016-6623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6623"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An authorized user can cause a denial-of-service (DoS) attack on a server by passing large values to a loop. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6623",
"url": "https://www.suse.com/security/cve/CVE-2016-6623"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6623",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6623"
},
{
"cve": "CVE-2016-6624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6624"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6624",
"url": "https://www.suse.com/security/cve/CVE-2016-6624"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6624",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6624"
},
{
"cve": "CVE-2016-6625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6625"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user\u0027s session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6625",
"url": "https://www.suse.com/security/cve/CVE-2016-6625"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6625",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6625"
},
{
"cve": "CVE-2016-6626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6626"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6626",
"url": "https://www.suse.com/security/cve/CVE-2016-6626"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6626",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6626"
},
{
"cve": "CVE-2016-6627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6627"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6627",
"url": "https://www.suse.com/security/cve/CVE-2016-6627"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6627",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6627"
},
{
"cve": "CVE-2016-6628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6628"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6628",
"url": "https://www.suse.com/security/cve/CVE-2016-6628"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6628",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6628"
},
{
"cve": "CVE-2016-6629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6629"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin involving the $cfg[\u0027ArbitraryServerRegexp\u0027] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6629",
"url": "https://www.suse.com/security/cve/CVE-2016-6629"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6629",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6629"
},
{
"cve": "CVE-2016-6630",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6630"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An authenticated user can trigger a denial-of-service (DoS) attack by entering a very long password at the change password dialog. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6630",
"url": "https://www.suse.com/security/cve/CVE-2016-6630"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6630",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6630"
},
{
"cve": "CVE-2016-6631",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6631"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6631",
"url": "https://www.suse.com/security/cve/CVE-2016-6631"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6631",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6631"
},
{
"cve": "CVE-2016-6632",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6632"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6632",
"url": "https://www.suse.com/security/cve/CVE-2016-6632"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6632",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2016-6632"
},
{
"cve": "CVE-2016-6633",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-6633"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-6633",
"url": "https://www.suse.com/security/cve/CVE-2016-6633"
},
{
"category": "external",
"summary": "SUSE Bug 994313 for CVE-2016-6633",
"url": "https://bugzilla.suse.com/994313"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-6633"
},
{
"cve": "CVE-2016-9847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9847"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user\u0027s blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9847",
"url": "https://www.suse.com/security/cve/CVE-2016-9847"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9847"
},
{
"cve": "CVE-2016-9848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9848"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9848",
"url": "https://www.suse.com/security/cve/CVE-2016-9848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9848"
},
{
"cve": "CVE-2016-9849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9849"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg[\u0027Servers\u0027][$i][\u0027AllowRoot\u0027]) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9849",
"url": "https://www.suse.com/security/cve/CVE-2016-9849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9849"
},
{
"cve": "CVE-2016-9850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9850"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. Username matching for the allow/deny rules may result in wrong matches and detection of the username in the rule due to non-constant execution time. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9850",
"url": "https://www.suse.com/security/cve/CVE-2016-9850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9850"
},
{
"cve": "CVE-2016-9851",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9851"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9851",
"url": "https://www.suse.com/security/cve/CVE-2016-9851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9851"
},
{
"cve": "CVE-2016-9852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9852"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9852",
"url": "https://www.suse.com/security/cve/CVE-2016-9852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9852"
},
{
"cve": "CVE-2016-9853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9853"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9853",
"url": "https://www.suse.com/security/cve/CVE-2016-9853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9853"
},
{
"cve": "CVE-2016-9854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9854"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9854",
"url": "https://www.suse.com/security/cve/CVE-2016-9854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9854"
},
{
"cve": "CVE-2016-9855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9855"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9855",
"url": "https://www.suse.com/security/cve/CVE-2016-9855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9855"
},
{
"cve": "CVE-2016-9856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9856"
}
],
"notes": [
{
"category": "general",
"text": "An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9856",
"url": "https://www.suse.com/security/cve/CVE-2016-9856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9856"
},
{
"cve": "CVE-2016-9857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9857"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9857",
"url": "https://www.suse.com/security/cve/CVE-2016-9857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9857"
},
{
"cve": "CVE-2016-9858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9858"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9858",
"url": "https://www.suse.com/security/cve/CVE-2016-9858"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9858"
},
{
"cve": "CVE-2016-9859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9859"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9859",
"url": "https://www.suse.com/security/cve/CVE-2016-9859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9859"
},
{
"cve": "CVE-2016-9860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9860"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg[\u0027AllowArbitraryServer\u0027]=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9860",
"url": "https://www.suse.com/security/cve/CVE-2016-9860"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9860"
},
{
"cve": "CVE-2016-9861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9861"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. Due to the limitation in URL matching, it was possible to bypass the URL white-list protection. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9861",
"url": "https://www.suse.com/security/cve/CVE-2016-9861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9861"
},
{
"cve": "CVE-2016-9862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9862"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9862",
"url": "https://www.suse.com/security/cve/CVE-2016-9862"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9862"
},
{
"cve": "CVE-2016-9863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9863"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9863",
"url": "https://www.suse.com/security/cve/CVE-2016-9863"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9863"
},
{
"cve": "CVE-2016-9864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9864"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9864",
"url": "https://www.suse.com/security/cve/CVE-2016-9864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9864"
},
{
"cve": "CVE-2016-9865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9865"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. Due to a bug in serialized string parsing, it was possible to bypass the protection offered by PMA_safeUnserialize() function. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9865",
"url": "https://www.suse.com/security/cve/CVE-2016-9865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9865"
},
{
"cve": "CVE-2016-9866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9866"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in phpMyAdmin. When the arg_separator is different from its default \u0026 value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9866",
"url": "https://www.suse.com/security/cve/CVE-2016-9866"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.aarch64",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.ppc64le",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.s390x",
"openSUSE Tumbleweed:phpMyAdmin-4.6.5.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9866"
}
]
}
GHSA-8PVH-2357-G3C2
Vulnerability from github – Published: 2022-05-17 02:37 – Updated: 2022-05-17 02:37
VLAI?
Details
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2016-6606"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-11T02:59:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"id": "GHSA-8pvh-2357-g3c2",
"modified": "2022-05-17T02:37:29Z",
"published": "2022-05-17T02:37:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6606"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"type": "WEB",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94114"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-6606
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-6606",
"description": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"id": "GSD-2016-6606",
"references": [
"https://www.suse.com/security/cve/CVE-2016-6606.html",
"https://advisories.mageia.org/CVE-2016-6606.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-6606"
],
"details": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.",
"id": "GSD-2016-6606",
"modified": "2023-12-13T01:21:23.099765Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-29",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name": "94114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94114"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6606"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
},
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2016-29",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"name": "94114",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94114"
},
{
"name": "GLSA-201701-32",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1821-1] phpmyadmin security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-07-01T01:30Z",
"publishedDate": "2016-12-11T02:59Z"
}
}
}
FKIE_CVE-2016-6606
Vulnerability from fkie_nvd - Published: 2016-12-11 02:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13CD0228-728B-437A-84C1-BD7AFA52FFB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF55485-9892-4E7B-AEE0-017E61EAA7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6100FE3E-0A31-4B55-90F2-90AF765A8EB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E06B1D3-29B4-45B7-B81F-C864AF579011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2E3923-0E2B-411A-B091-088E6FF050D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1848C748-804D-4FE4-AB9C-B1BF9E58A19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "12296322-DFAD-4B36-83EC-D01BF5DF7F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA321C14-C8F4-41FC-B601-2F646064ABBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54DBCF86-0CE8-46C4-B2E7-E3224765CCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF3DBC5-7020-48D0-ADEA-E71776DB2285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "317F952E-5F12-4ED3-8FA3-FC1106B50F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87B97F98-C0A7-4D9E-8333-7EE9EC456A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7A1E753D-5653-4D7A-8E41-6C02511EBFCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "417230C7-0EC2-49F4-B810-A8AE84A302AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "103FEAB1-194E-4CEF-935A-4DBCCA298205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5814003-9FF8-4F8E-9D90-A2BBB80B8451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D742A8-B9D0-4BC0-8E3E-E0FDCC1083FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16D28B77-9353-4259-9299-30638A78CCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C022292B-6E06-4328-842F-135A872D22AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F15F00FB-BB9B-4D54-B198-0A74D418B8DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC10AF20-7B65-4FAE-A2AD-783867D60A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4BED20D9-C571-4BC5-9A54-450A364C6E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "36B92C51-B51B-4538-8A2A-102881F8024C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F06DC95-76B1-4E24-A55F-1358A25ED0E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA76CB4-6167-446A-8D4F-6D5B38046334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D28655-7F37-474D-A4E2-772AF24B94E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA1951E-BD85-42BF-BF7F-79A14D165914",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D08BEE8-5ACF-438D-9F06-86C6227C9A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DD0910-DBBA-4858-B9B1-FA93D08323D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "50DA8EBE-52AA-45A5-A5FB-75AF84E415E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8D93A3-8997-4EB9-A411-74B296D1341F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6E5A81B2-E16F-4AE2-9691-92D3E8A25CCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0245AF2D-F856-4CAA-A830-36D43026D1E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "00BD9E52-A6BB-48BB-9FEE-D0272AD9B6DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69E253E-157D-45BA-A977-079A49F74A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6325E2AE-BB86-4953-AA9E-0433C00B096E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C54B828-8B23-4C62-907E-8EE7E757B721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02DD18C8-172B-41CD-87DD-58BDEC0D9418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "10666E30-D98A-47A9-881A-B281066F0EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3993826B-CA66-4BC2-8E1B-06CF9230B214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "14928F51-761E-4FCA-B13C-A11530C7FC46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB761644-20F5-4E0D-B301-7809EAECA813",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "896439D0-6C98-44A6-8C9D-0D57D57782D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "978B828C-1FCB-4386-B685-5BEE5A8A500C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "51A3261B-23BE-42D7-8A52-AE2E8C274A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B7EA51-27EC-4884-8D60-FB9477D2B91A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C9F2CC-778B-4604-B463-7A1D3FB8B9C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4B20C44D-0EF1-48F2-B0AA-C8FF0BD9E252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.13:*:*:*:*:*:*:*",
"matchCriteriaId": "40F85FEC-427E-487D-997E-7EE359475876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2C825978-7E00-4C20-A806-0B968AA589AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.15:*:*:*:*:*:*:*",
"matchCriteriaId": "34986C36-1C93-4DA8-A4C2-0CB8B24BAD3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.16:*:*:*:*:*:*:*",
"matchCriteriaId": "B744FB8F-C58C-446C-B4B9-53548EBE12D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C641F362-D37D-47CB-BE6C-36E5F116F844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85631B69-7060-42D1-AE24-466BA10EB390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E62EDC79-47AA-4CED-AB7F-1E4D158EB653",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B800AA-6290-4032-AA17-21025A19C392",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user\u0027s browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el cifrado de cookie en phpMyAdmin. El descifrado del nombre de usuario/contrase\u00f1a es vulnerable a un ataque oracle de relleno. Esto puede permitir a un atacante que tenga acceso al archivo de cookies del usuario del navegador para descifrar el nombre de usuario y la contrase\u00f1a. Adem\u00e1s, se utiliza la el mismo vector de inicializaci\u00f3n (IV) para hash del nombre de usuario y contrase\u00f1a almacenados en la cookie de phpMyAdmin. Si un usuario tiene la misma contrase\u00f1a que su nombre de usuario, un atacante que examine la cookie del navegador puede ver que son iguales, pero el atacante no puede decodificar directamente estos valores de la cookie ya que sigue siendo hash. Todas las versiones 4.6.x (anteriores a 4.6.4), versiones 4.4.x (anteriores a 4.4.15.8) y versiones 4.0.x (anteriores a 4.0.10.17) est\u00e1n afectadas."
}
],
"id": "CVE-2016-6606",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-11T02:59:10.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94114"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201701-32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.phpmyadmin.net/security/PMASA-2016-29"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2016-10814
Vulnerability from cnvd - Published: 2016-11-09
VLAI Severity ?
Title
phpMyAdmin安全绕过漏洞(CNVD-2016-10814)
Description
phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库,创建、删除、修改数据库表,执行SQL脚本命令等。
phpMyAdmin中存在安全绕过漏洞。攻击者可以利用该漏洞获取敏感信息或绕过安全限制,执行未授权操作。
Severity
中
Patch Name
phpMyAdmin安全绕过漏洞(CNVD-2016-10814)的补丁
Patch Description
phpMyAdmin是phpMyAdmin团队开发的一套免费的、基于Web的MySQL数据库管理工具。该工具能够创建和删除数据库,创建、删除、修改数据库表,执行SQL脚本命令等。
phpMyAdmin中存在安全绕过漏洞。攻击者可以利用该漏洞获取敏感信息或绕过安全限制,执行未授权操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://www.phpmyadmin.net/security/PMASA-2016-29/
Reference
http://www.securityfocus.com/bid/94114
Impacted products
| Name | ['phpMyAdmin phpMyAdmin 4.6.x<4.6.4', 'phpMyAdmin phpMyAdmin 4.4.x<4.4.15.8', 'phpMyAdmin phpMyAdmin 4.0.x<4.0.10.17'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "94114"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-6606"
}
},
"description": "phpMyAdmin\u662fphpMyAdmin\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u5957\u514d\u8d39\u7684\u3001\u57fa\u4e8eWeb\u7684MySQL\u6570\u636e\u5e93\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u80fd\u591f\u521b\u5efa\u548c\u5220\u9664\u6570\u636e\u5e93\uff0c\u521b\u5efa\u3001\u5220\u9664\u3001\u4fee\u6539\u6570\u636e\u5e93\u8868\uff0c\u6267\u884cSQL\u811a\u672c\u547d\u4ee4\u7b49\u3002\r\n\r\nphpMyAdmin\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
"discovererName": "Emanuel Bronshtein @e3amn2l.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://www.phpmyadmin.net/security/PMASA-2016-29/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-10814",
"openTime": "2016-11-09",
"patchDescription": "phpMyAdmin\u662fphpMyAdmin\u56e2\u961f\u5f00\u53d1\u7684\u4e00\u5957\u514d\u8d39\u7684\u3001\u57fa\u4e8eWeb\u7684MySQL\u6570\u636e\u5e93\u7ba1\u7406\u5de5\u5177\u3002\u8be5\u5de5\u5177\u80fd\u591f\u521b\u5efa\u548c\u5220\u9664\u6570\u636e\u5e93\uff0c\u521b\u5efa\u3001\u5220\u9664\u3001\u4fee\u6539\u6570\u636e\u5e93\u8868\uff0c\u6267\u884cSQL\u811a\u672c\u547d\u4ee4\u7b49\u3002\r\n\r\nphpMyAdmin\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "phpMyAdmin\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-10814\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"phpMyAdmin phpMyAdmin 4.6.x\u003c4.6.4",
"phpMyAdmin phpMyAdmin 4.4.x\u003c4.4.15.8",
"phpMyAdmin phpMyAdmin 4.0.x\u003c4.0.10.17"
]
},
"referenceLink": "http://www.securityfocus.com/bid/94114",
"serverity": "\u4e2d",
"submitTime": "2016-11-08",
"title": "phpMyAdmin\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2016-10814\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…