Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-04 CVE-2016-7399 Command Injection vulnerability in Veritas Netbackup Appliance Firmware
scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense.
network
low complexity
veritas CWE-77
critical
9.8
2017-01-04 CVE-2016-6894 Resource Management Errors vulnerability in Arista products
Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane.
network
low complexity
arista CWE-399
7.5
2017-01-04 CVE-2016-9936 Use After Free vulnerability in PHP
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data.
network
low complexity
php CWE-416
critical
9.8
2017-01-04 CVE-2016-9935 Out-of-bounds Read vulnerability in PHP
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document.
network
low complexity
php CWE-125
critical
9.8
2017-01-04 CVE-2016-9934 NULL Pointer Dereference vulnerability in PHP
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as demonstrated by a PDORow string.
network
low complexity
php CWE-476
7.5
2017-01-04 CVE-2016-9933 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libgd 2.2.1
Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (segmentation violation) via a crafted imagefilltoborder call that triggers use of a negative color value.
network
low complexity
libgd CWE-119
7.5
2017-01-04 CVE-2016-9138 Use After Free vulnerability in PHP
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
network
low complexity
php CWE-416
critical
9.8
2017-01-04 CVE-2016-9137 Use After Free vulnerability in PHP
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
network
low complexity
php CWE-416
critical
9.8
2017-01-04 CVE-2016-8860 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Torproject TOR
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.
network
low complexity
torproject CWE-119
7.5
2017-01-04 CVE-2016-8670 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libgd
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.
network
low complexity
libgd CWE-119
critical
9.8