Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-04 | CVE-2016-7903 | Permissions, Privileges, and Access Controls vulnerability in Dotclear Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. | 3.7 |
| 2017-01-04 | CVE-2016-7902 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | 8.8 |
| 2017-01-04 | CVE-2016-7399 | Command Injection vulnerability in Veritas Netbackup Appliance Firmware scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | 9.8 |
| 2017-01-04 | CVE-2016-6894 | Resource Management Errors vulnerability in Arista products Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | 7.5 |
| 2017-01-04 | CVE-2016-9936 | Use After Free vulnerability in PHP The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. | 9.8 |
| 2017-01-04 | CVE-2016-9935 | Out-of-bounds Read vulnerability in PHP The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document. | 9.8 |
| 2017-01-04 | CVE-2016-9934 | NULL Pointer Dereference vulnerability in PHP ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string. | 7.5 |
| 2017-01-04 | CVE-2016-9933 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libgd 2.2.1 Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value. | 7.5 |
| 2017-01-04 | CVE-2016-9138 | Use After Free vulnerability in PHP PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup. | 9.8 |
| 2017-01-04 | CVE-2016-9137 | Use After Free vulnerability in PHP Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. | 9.8 |