Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2017-04-07 CVE-2017-6601 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
Risk: 7.1 (local, low complexity); cisco; CWE-78

2017-04-07 CVE-2017-6600 OS Command Injection vulnerability in Cisco products
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
Risk: 7.8 (local, low complexity); cisco; CWE-78

2017-04-07 CVE-2017-6597 OS Command Injection vulnerability in Cisco products
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack.
Risk: 7.8 (local, low complexity); cisco; CWE-78

2017-04-07 CVE-2017-7578 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming 0.4.7
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file.
Risk: 7.8 (local, low complexity); libming; CWE-119

2017-04-07 CVE-2017-7570 Code Injection vulnerability in Pivotx 2.3.11
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.
Risk: 8.8 (network, low complexity); pivotx; CWE-94

2017-04-06 CVE-2017-4964 Code Injection vulnerability in Cloudfoundry Bosh Azure CPI 22
Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability."
Risk: 8.8 (local, low complexity); cloudfoundry; CWE-94

2017-04-06 CVE-2017-7572 Race Condition vulnerability in Backintime Project Backintime
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use).
Risk: 8.1 (network, high complexity); backintime-project; CWE-362

2017-04-06 CVE-2017-3832 Improper Handling of Exceptional Conditions vulnerability in Cisco Wireless LAN Controller Firmware 8.3.102.0
A vulnerability in the web management interface of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
Risk: 7.5 (network, low complexity); cisco; CWE-755

2017-04-06 CVE-2016-9219 Improper Input Validation vulnerability in Cisco products
A vulnerability with IPv6 UDP ingress packet processing in Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device.
Risk: 7.5 (network, low complexity); cisco; CWE-20

2017-04-06 CVE-2016-10320 OS Command Injection vulnerability in Textract Project Textract
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function.
Risk: 7.8 (local, low complexity); textract-project; CWE-78