Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2017-7617 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk
Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.
network
low complexity
digium CWE-119
8.8
2017-04-10 CVE-2017-6190 Path Traversal vulnerability in Dlink Dwr-116 Firmware V1.00(Cp)B10/V1.01(Eu)/V1.05(Au)
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a ..
network
low complexity
dlink CWE-22
7.5
2017-04-10 CVE-2016-6605 Improper Access Control vulnerability in Cloudera CDH
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
network
low complexity
cloudera CWE-284
7.5
2017-04-10 CVE-2015-8378 Information Exposure vulnerability in Keepassx Project Keepassx
In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action.
network
low complexity
keepassx-project CWE-200
7.5
2017-04-10 CVE-2016-6534 Command Injection vulnerability in Opmantek Network Management Information System 4.3.6F/8.5.10G
Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script.
network
high complexity
opmantek CWE-77
7.5
2017-04-10 CVE-2016-5076 Information Exposure vulnerability in Cloudviewnms Cloudview NMS
CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct request for admin/auto.def.
network
low complexity
cloudviewnms CWE-200
7.5
2017-04-10 CVE-2016-5072 Code Injection vulnerability in Oxidforge Oxid Eshop 4.9.8/5.2.8
OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class.
network
low complexity
oxidforge CWE-94
8.8
2017-04-10 CVE-2016-5071 Permissions, Privileges, and Access Controls vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
network
low complexity
sierrawireless CWE-264
8.8
2017-04-10 CVE-2016-5067 Command Injection vulnerability in Sierrawireless Aleos Firmware 4.3.2
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
network
low complexity
sierrawireless CWE-77
8.8
2017-04-10 CVE-2016-5058 Improper Access Control vulnerability in Osram Lightify PRO
OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay.
network
low complexity
osram CWE-284
7.5