Security Vulnerabilities - CVEs Published In January 2017
Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
CVSS Score
5.3
EPSS Score
0.003
Published
2017-01-02
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2017-01-02
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
CVSS Score
7.3
EPSS Score
0.005
Published
2017-01-01
Page 109