Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-481-1:91517
HistoryMay 18, 2016 - 6:57 p.m.

[SECURITY] [DLA 481-1] phpmyadmin security update

2016-05-1818:57:16
lists.debian.org
28

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Package : phpmyadmin
Version : 4:3.4.11.1-2+deb7u3
CVE ID : CVE-2016-1927 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040
CVE-2016-2041 CVE-2016-2045 CVE-2016-2560

This security update fixes a number of security issues in
phpMyAdmin. We recommend you upgrade your phpmyadmin packages.

CVE-2016-1927

 suggestPassword generates weak passphrases

CVE-2016-2038

 information disclosure via crafted requests

CVE-2016-2039

 weak CSRF token values

CVE-2016-2040

 XSS vulnerabilities in authenticated users

CVE-2016-2041

 information breach in CSRF token comparison

CVE-2016-2045

 XSS injection via crafted SQL queries

CVE-2016-2560

 XSS injection

Further information about Debian LTS security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: Digital signature

Related

osv 7
nessus 24
openvas 14
debian 3
mageia 2
f5 2
fedora 6
typo3 1
prion 7
debiancve 7
ubuntucve 7
cvelist 7
cve 7
phpmyadmin 7
freebsd 7
nvd 7
github 3
osv
osv
phpmyadmin - regression update
2016-05-18 00:00:00
phpmyadmin - security update
2016-05-18 00:00:00
phpmyadmin - security update
2016-01-30 00:00:00
nessus
nessus
Debian DLA-481-2 : phpmyadmin regression update
2016-05-19 00:00:00
phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)
2016-02-26 00:00:00
phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)
2016-03-02 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-481-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0051)
2016-02-08 00:00:00
phpMyAdmin Multiple Vulnerabilities -01 (Feb 2016)
2016-02-23 00:00:00
debian
debian
[SECURITY] [DLA 481-2] phpmyadmin regression update
2016-05-30 18:36:20
[SECURITY] [DLA 406-1] phpmyadmin security update
2016-01-30 22:52:45
[SECURITY] [DSA 3627-1] phpmyadmin security update
2016-07-24 16:03:22
mageia
mageia
Updated phpmyadmin/phpseclib packages fix security vulnerability
2016-02-05 20:26:09
Updated phpmyadmin packages fix security vulnerabilities
2016-03-02 21:28:46
f5
f5
SOL93445609 - phpMyAdmin vulnerabilities
2016-02-29 00:00:00
K93445609 : phpMyAdmin vulnerabilities
2016-02-29 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.4-1.fc22
2016-02-01 06:34:04
[SECURITY] Fedora 23 Update: phpMyAdmin-4.5.4.1-1.fc23
2016-02-03 20:52:02
[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.5.1-1.fc22
2016-03-14 00:20:48
typo3
typo3
Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
2016-03-10 00:00:00
prion
prion
Cross site scripting
2016-03-01 11:59:00
Design/Logic Flaw
2016-02-20 01:59:00
Cross site scripting
2016-02-20 01:59:00
debiancve
debiancve
CVE-2016-2038
2016-02-20 01:59:01
CVE-2016-2045
2016-02-20 01:59:08
CVE-2016-2041
2016-02-20 01:59:04
ubuntucve
ubuntucve
CVE-2016-2038
2016-02-20 00:00:00
CVE-2016-2045
2016-02-20 00:00:00
CVE-2016-2041
2016-02-20 00:00:00
cvelist
cvelist
CVE-2016-2038
2016-02-20 01:00:00
CVE-2016-2045
2016-02-20 01:00:00
CVE-2016-2040
2016-02-20 01:00:00
cve
cve
CVE-2016-2045
2016-02-20 01:59:08
CVE-2016-2560
2016-03-01 11:59:02
CVE-2016-2040
2016-02-20 01:59:03
phpmyadmin
phpmyadmin
Multiple full path disclosure vulnerabilities.
2016-01-23 00:00:00
XSS vulnerability in SQL editor.
2016-01-24 00:00:00
Unsafe comparison of XSRF/CSRF token.
2016-01-24 00:00:00
freebsd
freebsd
phpmyadmin -- Multiple XSS vulnerabilities
2016-01-28 00:00:00
phpmyadmin -- XSS vulnerability in SQL editor
2016-01-28 00:00:00
phpmyadmin -- Unsafe comparison of XSRF/CSRF token
2016-01-28 00:00:00
nvd
nvd
CVE-2016-2040
2016-02-20 01:59:03
CVE-2016-2041
2016-02-20 01:59:04
CVE-2016-2045
2016-02-20 01:59:08
github
github
phpMyAdmin Unsafe comparison of XSRF/CSRF token
2022-05-14 02:08:30
phpMyAdmin XSS Vulnerability
2022-05-14 02:08:30
phpMyAdmin Cryptographic Vulnerability
2022-05-17 03:43:03

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.3

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON
Related for DEBIAN:DLA-481-1:91517
osv7nessus24openvas14debian3mageia2f52fedora6typo31prion7debiancve7ubuntucve7cvelist7cve7phpmyadmin7freebsd7nvd7github3