Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-05 | CVE-2016-7169 | Path Traversal vulnerability in Wordpress Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter. | 6.3 |
| 2017-01-05 | CVE-2016-7168 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HTML by tricking an administrator into uploading an image file that has a crafted filename. | 4.8 |
| 2017-01-05 | CVE-2016-10011 | Key Management Errors vulnerability in Openbsd Openssh authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process. | 5.5 |
| 2017-01-04 | CVE-2016-6595 | Resource Management Errors vulnerability in Docker 1.12.0 The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. | 6.5 |
| 2017-01-04 | CVE-2016-10112 | Cross-site Scripting vulnerability in Woocommerce Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format. | 4.8 |
| 2017-01-03 | CVE-2016-5024 | Improper Input Validation vulnerability in F5 products Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic. | 5.9 |
| 2017-01-03 | CVE-2016-10106 | Path Traversal vulnerability in Netgear products Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitrary files via a .. | 6.5 |
| 2017-01-02 | CVE-2016-10100 | Improper Input Validation vulnerability in Borg Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive. | 5.3 |
| 2017-01-02 | CVE-2016-10099 | Cryptographic Issues vulnerability in Borg Project Borg Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives. | 5.3 |
| 2016-12-31 | CVE-2016-6859 | Information Exposure vulnerability in SAP Hybris Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace. | 4.3 |