Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-03 | CVE-2016-5024 | Improper Input Validation vulnerability in F5 products: Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. | 5.9 |
2017-01-03 | CVE-2016-10108 | Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142: Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | 9.8 |
2017-01-03 | CVE-2016-10107 | Command Injection vulnerability in Western Digital Mycloud NAS 2.11.142: Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | 9.8 |
2017-01-03 | CVE-2016-10106 | Path Traversal vulnerability in Netgear products: Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. | 6.5 |
2017-01-03 | CVE-2016-10105 | Improper Access Control vulnerability in Piwigo: admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. | 9.8 |
2017-01-02 | CVE-2017-5005 | Out-of-bounds Write vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security: Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation. | 9.8 |
2017-01-02 | CVE-2016-10100 | Improper Input Validation vulnerability in Borg: Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive. | 5.3 |
2017-01-02 | CVE-2016-10099 | Cryptographic Issues vulnerability in Borg Project Borg: Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives. | 5.3 |
2017-01-02 | CVE-2016-10097 | XXE vulnerability in Forgerock Openam 10.1.0: XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | 7.5 |
2017-01-01 | CVE-2016-10096 | SQL Injection vulnerability in Genixcms: SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter. | 7.3 |