[3.6] phpmyadmin: Multiple vulnerabilities (Various CVEs)
ID: oval:org.secpod.oval:def:1800617 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
CVE-2016-9847: Unsafe generation of blowfish secret; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9848: phpinfo information leak value of sensitive cookies; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18.

CVE-2016-9849: Username deny rules bypass by using Null Byte; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9850: Username rule matching issues; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout; All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9 or newer or apply patch.

CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities; All 4.6.x versions and 4.4.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, or newer or apply patch.

CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9861: Bypass white-list protection for URL redirection; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected.

CVE-2016-9862: BBCode injection vulnerability; All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.5 or newer or apply patch.

CVE-2016-9863: DOS vulnerability in table partitioning; All 4.6.x versions are affected. Upgrade to phpMyAdmin 4.6.5 or newer or apply patch.

CVE-2016-9864: Multiple SQL injection vulnerabilities; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9865: Incorrect serialized string parsing; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.

CVE-2016-9866: CSRF token not stripped from the URL; All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.5, 4.4.15.9, 4.0.10.18, or newer or apply patch.
Platform: |
Alpine Linux 3.6 |