Vulnerabilities

Each entry lists the publication date, the CVE identifier and title, the description, and a risk line giving attack vector, attack complexity, vendor, CWE, severity rating (where the feed supplies one) and score.
2017-01-03  CVE-2016-5024  Improper Input Validation vulnerability in F5 products
  Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.
  Risk: network vector, high complexity, vendor f5, CWE-20, score 5.9
2017-01-03  CVE-2016-10108  Command Injection vulnerability in Western Digital MyCloud NAS 2.11.142
  Unauthenticated remote command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
  Risk: network vector, low complexity, vendor western-digital, CWE-77, critical, score 9.8
2017-01-03  CVE-2016-10107  Command Injection vulnerability in Western Digital MyCloud NAS 2.11.142
  Unauthenticated remote command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
  Risk: network vector, low complexity, vendor western-digital, CWE-77, critical, score 9.8
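The two MyCloud entries above are the same weakness class (CWE-77): a value the client controls, whether a POST field or a Cookie header, ends up inside a shell command that runs as root. The Python below is an added illustration, not Western Digital's code and not a reproduction of the MyCloud firmware; it places the vulnerable pattern (untrusted text pasted into a shell string) beside the hardened one (allowlist, then a discrete argv element with no shell). The parameter name `arg` comes from the description; the share-listing command, the share-root layout and the payload are constructed for the example.

```python
import os
import re
import subprocess
import tempfile

# Constructed sample values, as an attacker could place them in the POST "arg"
# field or in a Cookie header. Nothing here is taken from the MyCloud firmware.
BENIGN_ARG = "Public"
MALICIOUS_ARG = "Public; echo INJECTED"

# A share name is a single path component: letters, digits, '_', '.', '-'.
SAFE_SHARE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")

# Stand-in for the appliance's share root (assumed layout): a temp dir with
# one share called "Public" so the listing command has something to show.
SHARE_ROOT = tempfile.mkdtemp(prefix="shares-")
os.mkdir(os.path.join(SHARE_ROOT, "Public"))


def run_vulnerable(arg: str) -> str:
    """Vulnerable pattern: untrusted input pasted into a shell command line.

    With shell=True, the ';' in MALICIOUS_ARG terminates the intended `ls`
    and starts a second command, which runs with the web server's
    privileges (root on the appliance described above). The payload here
    only echoes a marker so the example is safe to execute.
    """
    command = f"ls -d {SHARE_ROOT}/{arg}"
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_hardened(arg: str) -> str:
    """Hardened pattern: allowlist the value, then pass it as one argv element.

    No shell parses the argument, so metacharacters carry no meaning, and
    the allowlist rejects anything that is not a plain share name before a
    process is spawned at all.
    """
    if not SAFE_SHARE_NAME.fullmatch(arg):
        raise ValueError(f"rejected share name: {arg!r}")
    argv = ["ls", "-d", os.path.join(SHARE_ROOT, arg)]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(MALICIOUS_ARG).strip())  # marker appears
    print("hardened:  ", run_hardened(BENIGN_ARG).strip())
    try:
        run_hardened(MALICIOUS_ARG)
    except ValueError as exc:
        print("hardened:  ", exc)
```

The argv form alone already defeats the `;` trick, because `/bin/sh` never sees the string; the allowlist is there so that values which are not share names fail closed instead of reaching `ls` as odd but harmless paths.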
2017-01-03  CVE-2016-10106  Path Traversal vulnerability in Netgear products
  Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a ..
  Risk: network vector, low complexity, vendor netgear, CWE-22, score 6.5
2017-01-03  CVE-2016-10105  Improper Access Control vulnerability in Piwigo
  admin/plugin.php in Piwigo through 2.8.3 does not validate the sections variable before using it to include files.
  Risk: network vector, low complexity, vendor piwigo, CWE-284, critical, score 9.8
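The NETGEAR and Piwigo entries above are two faces of one problem: a request-supplied name decides which file the server opens, either by walking out of the intended directory with `..` (CWE-22) or by being handed straight to an include with no validation. The Python below is an added example serving both entries; it is not code from either product and the directory layout, file names and the `sections` allowlist keys are assumptions. It shows the vulnerable join-and-open beside two fixes: containment of the resolved path under a base directory, and mapping the request value through an allowlist so it never names a path at all.

```python
import os
import tempfile

# Constructed layout (assumption; not the NETGEAR or Piwigo file tree):
#   OUTER/secret.txt          a file outside the web root that must stay unreadable
#   OUTER/webroot/sections/   the directory request-supplied names may select from
OUTER = tempfile.mkdtemp(prefix="lfi-demo-")
WEBROOT = os.path.join(OUTER, "webroot")
SECTIONS_DIR = os.path.join(WEBROOT, "sections")
os.makedirs(SECTIONS_DIR)
with open(os.path.join(SECTIONS_DIR, "plugins.inc"), "w") as fh:
    fh.write("section: plugins\n")
with open(os.path.join(OUTER, "secret.txt"), "w") as fh:
    fh.write("db_password=hunter2\n")

# Allowlist for include-style selection: a request may only name a key here,
# never a path. The key/file pairs are invented for the example.
SECTION_FILES = {"plugins": "plugins.inc"}


def read_vulnerable(name: str) -> str:
    """Vulnerable pattern: the request value is joined onto a directory and opened.

    '..' components walk out of SECTIONS_DIR, so '../../secret.txt' reads a
    file the caller was never meant to reach.
    """
    with open(os.path.join(SECTIONS_DIR, name)) as fh:
        return fh.read()


def read_contained(name: str) -> str:
    """Hardened pattern: resolve the path, then require it to stay under the base.

    os.path.realpath collapses '..' and follows symlinks, so a link planted
    inside the directory that points outside it is rejected as well. An
    absolute name is rejected too, because os.path.join discards the base
    when the second argument is absolute.
    """
    base = os.path.realpath(SECTIONS_DIR)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base}: {name!r}")
    with open(target) as fh:
        return fh.read()


def include_section(section: str) -> str:
    """Hardened include: the request value selects an allowlist key, not a file."""
    try:
        filename = SECTION_FILES[section]
    except KeyError:
        raise ValueError(f"unknown section: {section!r}") from None
    return read_contained(filename)


if __name__ == "__main__":
    print("vulnerable read:", read_vulnerable("../../secret.txt").strip())
    try:
        read_contained("../../secret.txt")
    except PermissionError as exc:
        print("contained read rejected:", exc)
    print("allowlisted include:", include_section("plugins").strip())
```

Of the two fixes, the allowlist is the right one for an include: the set of includable sections is known at development time, so there is no reason to let the request express a path. Containment is for the cases where the file name genuinely is user data, such as a download endpoint.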
2017-01-02  CVE-2017-5005  Out-of-bounds Write vulnerability in Quick Heal AntiVirus Pro, Internet Security and Total Security
  Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsize field in a Mach-O file that is mishandled during a Security Scan (aka Custom Scan) operation.
  Risk: network vector, low complexity, vendor quickheal, CWE-787, critical, score 9.8
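The Quick Heal entry names the field at fault, `LC_UNIXTHREAD.cmdsize`, which is exactly the kind of attacker-controlled length a file parser must check before using it to copy or skip. The Python below is an added example of the bounds checks a Mach-O load-command walker needs; it is not Quick Heal's code and makes no claim about how their scanner handled the field. The header and load-command layout follow the 64-bit Mach-O format; the sample file builder is constructed test data, with the cpu type and thread-state values chosen for x86_64.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF       # little-endian 64-bit Mach-O
LC_UNIXTHREAD = 0x05
HEADER64_SIZE = 32             # sizeof(struct mach_header_64)
LOAD_COMMAND_SIZE = 8          # sizeof(struct load_command): cmd, cmdsize


class MalformedMachO(ValueError):
    """Raised for any load command whose size cannot be trusted."""


def walk_load_commands(data: bytes) -> list[tuple[int, int]]:
    """Return (cmd, cmdsize) for every load command, validating each cmdsize.

    A scanner that copies cmdsize bytes of a command into a fixed-size
    buffer without these checks has the shape of bug the Quick Heal entry
    describes. Each cmdsize must cover at least the 8-byte command header,
    be 8-byte aligned (the 64-bit rule), and stay within sizeofcmds, which
    in turn must fit inside the file.
    """
    if len(data) < HEADER64_SIZE:
        raise MalformedMachO("file shorter than mach_header_64")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags, _rsvd = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise MalformedMachO(f"unsupported magic {magic:#x}")
    end = HEADER64_SIZE + sizeofcmds
    if end > len(data):
        raise MalformedMachO("sizeofcmds runs past end of file")
    commands = []
    offset = HEADER64_SIZE
    for _ in range(ncmds):
        if offset + LOAD_COMMAND_SIZE > end:
            raise MalformedMachO(f"command header at {offset} runs past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < LOAD_COMMAND_SIZE or cmdsize % 8:
            raise MalformedMachO(f"cmdsize {cmdsize} at {offset} is too small or misaligned")
        if offset + cmdsize > end:
            raise MalformedMachO(f"cmdsize {cmdsize} at {offset} exceeds sizeofcmds")
        commands.append((cmd, cmdsize))
        offset += cmdsize
    return commands


def build_sample(thread_cmdsize: int) -> bytes:
    """Construct a minimal 64-bit Mach-O whose only load command is LC_UNIXTHREAD.

    The body is the x86_64 thread-state flavor and count words followed by a
    zeroed register block. The header's sizeofcmds always states the true
    size; only the command's own cmdsize is taken from the argument, so a
    crafted value is exactly the inconsistency the walker must catch.
    Constructed test data, not a real binary.
    """
    body = struct.pack("<II", 4, 42) + bytes(42 * 4)        # x86_THREAD_STATE64, 42 words
    true_size = LOAD_COMMAND_SIZE + len(body)               # 184 bytes
    thread_cmd = struct.pack("<II", LC_UNIXTHREAD, thread_cmdsize) + body
    header = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 0x80000003, 2, 1, true_size, 0, 0)
    return header + thread_cmd


if __name__ == "__main__":
    print(walk_load_commands(build_sample(184)))             # well-formed: [(5, 184)]
    for crafted in (4, 100, 0xFFFFFFF8):
        try:
            walk_load_commands(build_sample(crafted))
        except MalformedMachO as exc:
            print("rejected:", exc)
```

The three crafted values cover the three failure modes a length field can have: too small to hold its own header (4), misaligned (100), and far larger than the data that follows (0xFFFFFFF8, which would also wrap a 32-bit offset addition in C). All are rejected before any bytes are read at the claimed size.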
2017-01-02  CVE-2016-10100  Improper Input Validation vulnerability in Borg
  Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names are processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
  Risk: network vector, low complexity, vendor borg, CWE-20, score 5.3
2017-01-02  CVE-2016-10099  Cryptographic Issues vulnerability in Borg Project's Borg
  Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.
  Risk: network vector, low complexity, vendor borg-project, CWE-310, score 5.3
2017-01-02  CVE-2016-10097  XXE vulnerability in ForgeRock OpenAM 10.1.0
  XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
  Risk: network vector, low complexity, vendor forgerock, CWE-611, score 7.5
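The OpenAM entry is XXE through a SAML POST binding: the `SAMLRequest` form field is base64-encoded XML, and an identity provider that lets its XML parser resolve external entities will read whatever file a DOCTYPE in that XML points at. The Python below is an added example of how an endpoint should handle that field; it is not OpenAM code. The endpoint path above is from the description, while the AuthnRequest, the XXE payload, the entity name and the URLs are constructed for the example. The control shown is to refuse any document carrying a DTD before it reaches a parser, since SAML messages never legitimately contain one.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def _post_binding(xml_text: str) -> str:
    """POST binding: the SAMLRequest form field is the raw XML, base64-encoded."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


# Constructed AuthnRequest of the kind a service provider posts to an IdP.
# Not captured from OpenAM; identifiers and URLs are made up for the example.
BENIGN_REQUEST = _post_binding(f"""<?xml version="1.0"?>
<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_req0001" Version="2.0" IssueInstant="2017-01-02T00:00:00Z"
    AssertionConsumerServiceURL="https://sp.example.test/acs">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
</samlp:AuthnRequest>""")

# Constructed XXE payload of the shape the entry describes: an inline DTD
# declares an external entity for a local file and the Issuer references it,
# so an IdP that expands entities would echo the file back in an error or
# response. Constructed here; not the payload used against OpenAM.
XXE_REQUEST = _post_binding(f"""<?xml version="1.0"?>
<!DOCTYPE AuthnRequest [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_req0002" Version="2.0" IssueInstant="2017-01-02T00:00:00Z">
  <saml:Issuer>&xxe;</saml:Issuer>
</samlp:AuthnRequest>""")


class RejectedSamlRequest(ValueError):
    pass


def parse_saml_request(b64_request: str) -> str:
    """Decode a POST-binding SAMLRequest and return its Issuer, refusing any DTD.

    SAML messages never legitimately carry a DOCTYPE, so one is grounds for
    rejection before any XML parser sees the document. The check runs on
    decoded text and non-UTF-8 input is refused, so a UTF-16 encoded DOCTYPE
    cannot slip past a byte-string comparison.
    """
    try:
        xml_text = base64.b64decode(b64_request, validate=True).decode("utf-8")
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError both derive from it
        raise RejectedSamlRequest("SAMLRequest is not base64-encoded UTF-8 XML") from exc
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise RejectedSamlRequest("DTD not permitted in SAMLRequest")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise RejectedSamlRequest("SAMLRequest is not well-formed XML") from exc
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise RejectedSamlRequest(f"unexpected root element {root.tag}")
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None or not (issuer.text or "").strip():
        raise RejectedSamlRequest("AuthnRequest has no Issuer")
    return issuer.text.strip()


if __name__ == "__main__":
    print("issuer:", parse_saml_request(BENIGN_REQUEST))
    try:
        parse_saml_request(XXE_REQUEST)
    except RejectedSamlRequest as exc:
        print("rejected:", exc)
```

The text check guards the entry point; it is not a substitute for configuring the parser itself to refuse DTDs and external entities (in Java, the XMLConstants.FEATURE_SECURE_PROCESSING feature plus disabling doctype declarations on the factory; in Python, a hardened wrapper such as defusedxml). Both layers together mean a second code path that parses the same field does not reopen the hole.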
2017-01-01  CVE-2016-10096  SQL Injection vulnerability in GeniXCMS
  SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
  Risk: network vector, low complexity, vendor genixcms, CWE-89, score 7.3
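An activation parameter is a typical injection point: the token arrives in the URL and is compared against a column, and if it is spliced into the query text a tautology in place of the token matches every row. The Python below is an added example that is not GeniXCMS code; the users table, the tokens and the activation UPDATE are constructed for the demonstration. It runs the vulnerable concatenation and the parameterized version against the same in-memory SQLite database so the difference in affected rows is visible.

```python
import sqlite3

# Constructed in-memory user store standing in for a CMS's users table
# (assumption; not the GeniXCMS schema). Two accounts await activation.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, activation TEXT, status TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, activation, status) VALUES (?, ?, ?)",
        [
            ("alice@example.test", "a1b2c3d4e5f6", "pending"),
            ("bob@example.test", "0f9e8d7c6b5a", "pending"),
        ],
    )
    return conn


# Constructed payload: closes the string literal and appends a tautology, so the
# WHERE clause becomes  activation = '' OR '1'='1' AND status = 'pending'.
TAUTOLOGY = "' OR '1'='1"
VALID_TOKEN = "a1b2c3d4e5f6"


def activate_vulnerable(conn: sqlite3.Connection, activation: str) -> int:
    """Vulnerable pattern: the request value is formatted into the SQL text.

    Returns the number of accounts activated. With TAUTOLOGY every pending
    account is activated, because the injected OR applies to the whole
    predicate that follows it.
    """
    sql = (
        "UPDATE users SET status = 'active' "
        f"WHERE activation = '{activation}' AND status = 'pending'"
    )
    return conn.execute(sql).rowcount


def activate_parameterized(conn: sqlite3.Connection, activation: str) -> int:
    """Hardened pattern: the token is bound as a parameter and is only ever data.

    The same TAUTOLOGY string is now compared literally against the
    activation column, matches nothing, and activates zero accounts.
    """
    sql = "UPDATE users SET status = 'active' WHERE activation = ? AND status = 'pending'"
    return conn.execute(sql, (activation,)).rowcount


if __name__ == "__main__":
    print("vulnerable, valid token:   ", activate_vulnerable(make_db(), VALID_TOKEN))
    print("vulnerable, tautology:     ", activate_vulnerable(make_db(), TAUTOLOGY))
    print("parameterized, valid token:", activate_parameterized(make_db(), VALID_TOKEN))
    print("parameterized, tautology:  ", activate_parameterized(make_db(), TAUTOLOGY))
```

Binding is the fix; escaping the quote character is not, because it leaves the query shape dependent on the input and fails the moment a numeric column or a different quoting convention is involved. Checking the token's format (fixed length, hex alphabet) before the query is a sensible extra, but the parameterized statement is what makes the injection impossible rather than unlikely.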