Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-12-11 CVE-2016-6631 OS Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-78
7.5
7.5
2016-12-11 CVE-2016-6619 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-89
8.8
8.8
2016-12-11 CVE-2016-6617 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
8.1
8.1
2016-12-11 CVE-2016-6616 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
7.5
7.5
2016-12-11 CVE-2016-6611 SQL Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
high complexity
phpmyadmin CWE-89
8.1
8.1
2016-12-11 CVE-2016-6609 Command Injection vulnerability in PHPmyadmin
An issue was discovered in phpMyAdmin.
network
low complexity
phpmyadmin CWE-77
8.8
8.8
2016-12-11 CVE-2016-6606 Information Exposure vulnerability in PHPmyadmin
An issue was discovered in cookie encryption in phpMyAdmin.
network
high complexity
phpmyadmin CWE-200
8.1
8.1
2016-12-09 CVE-2016-5424 Code Injection vulnerability in multiple products
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
network
high complexity
debian postgresql CWE-94
7.1
7.1
2016-12-09 CVE-2016-5423 NULL Pointer Dereference vulnerability in multiple products
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
network
low complexity
debian postgresql CWE-476
8.3
8.3
2016-12-09 CVE-2016-6321 Path Traversal vulnerability in GNU TAR
Directory traversal vulnerability in the safer_name_suffix function in GNU tar 1.14 through 1.29 might allow remote attackers to bypass an intended protection mechanism and write to arbitrary files via vectors related to improper sanitization of the file_name parameter, aka POINTYFEATHER.
network
low complexity
gnu CWE-22
7.5
7.5