CVE Daily
← All years

All CVEs — 2017

Page 103/103.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2017-01-05
Medium

CVE-2016-7169

Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authent…

CVSS: 6.3 CWE: CWE-22
Read more
Medium

CVE-2016-7168

Cross-site scripting (XSS) vulnerability in the media_handle_upload function in wp-admin/includes/media.php in WordPress before 4.6.1 might allow remote attackers to inject arbitrary web script or HT…

CVSS: 4.8 CWE: CWE-79
Read more
High

CVE-2016-10012

The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local use…

CVSS: 7.8 CWE: CWE-119
Read more
High

CVE-2016-10009

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-s…

CVSS: 7.3 CWE: CWE-426
Read more
2017-01-04
High

CVE-2016-7902

Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by u…

CVSS: 8.8 CWE: CWE-434
Read more
Critical

CVE-2016-7399

scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metac…

CVSS: 9.8 CWE: CWE-77
Read more
Critical

CVE-2016-9936

The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via craft…

CVSS: 9.8 CWE: CWE-416
Read more
Critical

CVE-2016-9935

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or pos…

CVSS: 9.8 CWE: CWE-125
Read more
High

CVE-2016-9934

ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as…

CVSS: 7.5 CWE: CWE-476
Read more
High

CVE-2016-9933

Stack consumption vulnerability in the gdImageFillToBorder function in gd.c in the GD Graphics Library (aka libgd) before 2.2.2, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote atta…

CVSS: 7.5 CWE: CWE-119
Read more
Critical

CVE-2016-9138

PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other im…

CVSS: 9.8 CWE: CWE-416
Read more
Critical

CVE-2016-9137

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have un…

CVSS: 9.8 CWE: CWE-416
Read more
High

CVE-2016-8860

Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that…

CVSS: 7.5 CWE: CWE-119
Read more
Critical

CVE-2016-8670

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers…

CVSS: 9.8 CWE: CWE-119
Read more
Critical

CVE-2014-9912

The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp…

CVSS: 9.8 CWE: CWE-119
Read more
Critical

CVE-2014-9911

Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a den…

CVSS: 9.8 CWE: CWE-119
Read more
Critical

CVE-2016-10115

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default passw…

CVSS: 9.8 CWE: CWE-798
Read more
Critical

CVE-2016-10114

SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving catego…

CVSS: 9.8 CWE: CWE-89
Read more
Medium

CVE-2016-10112

Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted ta…

CVSS: 4.8 CWE: CWE-79
Read more
2017-01-03
Medium

CVE-2016-5024

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Tra…

CVSS: 5.9 CWE: CWE-20
Read more
Critical

CVE-2016-10108

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

CVSS: 9.8 CWE: CWE-77
Read more
Critical

CVE-2016-10107

Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.

CVSS: 9.8 CWE: CWE-77
Read more
Medium

CVE-2016-10106

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitra…

CVSS: 6.5 CWE: CWE-22
Read more
Critical

CVE-2016-10105

admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.

CVSS: 9.8 CWE: CWE-200
Read more
2017-01-02
Critical

CVE-2017-5005

Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to…

CVSS: 9.8 CWE: CWE-787
Read more
Medium

CVE-2016-10100

Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.

CVSS: 5.3 CWE: CWE-20
Read more
High

CVE-2016-10097

XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.

CVSS: 7.5 CWE: CWE-611
Read more
2017-01-01
High

CVE-2016-10096

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.

CVSS: 7.3 CWE: CWE-89
Read more