CVE-2015-9099: The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service via a crafted audio file with a negative sample rate.
CVE-2016-6606: Weakness with cookie encryption. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply patch. CVE-2016-6607: Multiple XSS vulnerabilities. All 4.6.x versions, 4.4.x versions, and 4.0.x versions are affected. Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply patch. CVE-2016-6608: ...
CVE-2018-12581: XSS in Designer feature. A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially crafted database name. Affected Versions: phpMyAdmin versions prior to 4.8.2.
A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially crafted file. Affected Versions: phpMyAdmin versions prior to 4.8.3.
An error within the "tar_directory_for_file" function in GNOME Structured File Library before 1.14.41 can be exploited to trigger a NULL pointer dereference and subsequently cause a crash via a crafted TAR file. Fixed In Version: libgsf 1.14.41.
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service via a misformatted relay descriptor that is mishandled during voting. Fixed In Version: tor 0.2.9.15, tor 0.3.1.10, tor 0.3.2.10, tor 0.3.3.3-alpha.
It has been discovered that Tor, a connection-based low-latency anonymous communication system, contains a protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception.