Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-23 | CVE-2016-5747 | Improper Access Control vulnerability in Novell eDirectory: A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | 7.5 |
2017-03-23 | CVE-2016-1603 | Information Exposure vulnerability in Novell NetIQ IDM ServiceNow Driver: An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 could expose cryptographic attributes to logged-in users. | 6.5 |
2017-03-23 | CVE-2016-1602 | Code Injection vulnerability in SUSE products: A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | 7.8 |
2017-03-23 | CVE-2016-1597 | Permissions, Privileges, and Access Controls vulnerability in NetIQ Access Governance Suite: A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | 8.8 |
2017-03-23 | CVE-2017-7235 | Improper Input Validation vulnerability in Cloudflare-Scrape Project Cloudflare-Scrape: An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. | 8.8 |
2017-03-22 | CVE-2017-6972 | Improper Check for Dropped Privileges vulnerability in multiple products: AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping and unnecessarily execute the NfSen Perl code as root, aka AlienVault ID ENG-104945, a different vulnerability than CVE-2017-6970 and CVE-2017-6971. | 9.8 |
2017-03-22 | CVE-2017-3864 | Unspecified vulnerability in Cisco IOS: A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
2017-03-22 | CVE-2017-3859 | Use of Externally-Controlled Format String vulnerability in Cisco IOS XE: A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
2017-03-22 | CVE-2017-3858 | Improper Input Validation vulnerability in Cisco IOS XE 16.2/16.2.1: A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 8.8 |
2017-03-22 | CVE-2017-3857 | Resource Exhaustion vulnerability in Cisco IOS: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |