Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-12 | CVE-2017-5350 | Unspecified vulnerability in Samsung Mobile Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. | 7.5 |
| 2017-01-12 | CVE-2017-5347 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php. | 7.2 |
| 2017-01-12 | CVE-2017-5346 | SQL Injection vulnerability in Genixcms 0.0.8 SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php. | 7.2 |
| 2017-01-12 | CVE-2017-5345 | SQL Injection vulnerability in Metalgenix Genixcms 0.0.8 SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. | 8.8 |
| 2017-01-12 | CVE-2016-9444 | Improper Input Validation vulnerability in ISC Bind named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | 7.5 |
| 2017-01-12 | CVE-2016-9147 | Improper Input Validation vulnerability in ISC Bind 9.10.4/9.11.0/9.9.9 named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | 7.5 |
| 2017-01-12 | CVE-2016-9131 | Improper Input Validation vulnerability in multiple products named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | 7.5 |
| 2017-01-12 | CVE-2016-10131 | Injection vulnerability in Codeigniter system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | 9.8 |
| 2017-01-12 | CVE-2016-7479 | Use After Free vulnerability in PHP In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. | 9.8 |
| 2017-01-11 | CVE-2017-5209 | Out-of-bounds Read vulnerability in Libimobiledevice Libplist The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data. | 9.1 |