Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-11 | CVE-2016-4445 | Command Injection vulnerability in multiple products The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | 7.0 |
| 2017-04-11 | CVE-2016-4444 | Command Injection vulnerability in multiple products The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. | 7.0 |
| 2017-04-11 | CVE-2016-4483 | Deserialization of Untrusted Data vulnerability in multiple products The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. | 7.5 |
| 2017-04-11 | CVE-2016-4468 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.8 |
| 2017-04-11 | CVE-2016-6811 | Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2017-04-10 | CVE-2017-7648 | Use of Hard-coded Credentials vulnerability in Foscam products Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | 8.1 |
| 2017-04-10 | CVE-2017-7647 | Unspecified vulnerability in Solarwinds LOG & Event Manager 6.3.1 SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands. | 8.8 |
| 2017-04-10 | CVE-2016-8237 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | 8.1 |
| 2017-04-10 | CVE-2016-8235 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development KIT 2.0.16 Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | 7.8 |
| 2017-04-10 | CVE-2016-10323 | Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | 7.8 |