Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-31 | CVE-2016-9039 | Resource Exhaustion vulnerability in Joyent SmartOS 20161110T013148Z: An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. | 5.5 |
2017-01-31 | CVE-2016-6621 | Server-Side Request Forgery (SSRF) vulnerability in phpMyAdmin: The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | 8.6 |
2017-01-31 | CVE-2016-5117 | 7PK - Security Features vulnerability in OpenNTPD 6.0: OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. | 5.9 |
2017-01-31 | CVE-2016-3176 | Improper Authentication vulnerability in SaltStack Salt: Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | 5.6 |
2017-01-31 | CVE-2016-2050 | Out-of-bounds Write vulnerability in Libdwarf Project Libdwarf 20151114: The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted ELF file. | 6.5 |
2017-01-31 | CVE-2016-10043 | OS Command Injection vulnerability in MRF Web Panel 9.0.1: An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. | 10.0 |
2017-01-31 | CVE-2016-9249 | Improper Input Validation vulnerability in F5 products: An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS). | 7.5 |
2017-01-30 | CVE-2016-9132 | Integer Overflow or Wraparound vulnerability in Botan Project Botan: In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. | 9.8 |
2017-01-30 | CVE-2016-9119 | Cross-site Scripting vulnerability in multiple products: Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2017-01-30 | CVE-2016-7798 | Inadequate Encryption Strength vulnerability in multiple products: The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism. | 7.5 |