Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-05 | CVE-2016-7168 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. | 4.8 |
| 2017-01-05 | CVE-2016-10012 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openbsd Openssh The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. | 7.8 |
| 2017-01-05 | CVE-2016-10011 | Key Management Errors vulnerability in Openbsd Openssh authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | 5.5 |
| 2017-01-05 | CVE-2016-10010 | Permissions, Privileges, and Access Controls vulnerability in Openbsd Openssh sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. | 7.0 |
| 2017-01-05 | CVE-2016-10009 | Untrusted Search Path vulnerability in Openbsd Openssh Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket. | 7.3 |
| 2017-01-04 | CVE-2016-7903 | Permissions, Privileges, and Access Controls vulnerability in Dotclear Dotclear before 2.10.3, when the Host header is not part of the web server routing process, allows remote attackers to modify the password reset address link via the HTTP Host header. | 3.7 |
| 2017-01-04 | CVE-2016-7902 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | 8.8 |
| 2017-01-04 | CVE-2016-7399 | Command Injection vulnerability in Veritas Netbackup Appliance Firmware scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. | 9.8 |
| 2017-01-04 | CVE-2016-6894 | Resource Management Errors vulnerability in Arista products Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | 7.5 |
| 2017-01-04 | CVE-2016-9936 | Use After Free vulnerability in PHP The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. | 9.8 |