Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-04 | CVE-2015-1611 | Improper Input Validation vulnerability in Opendaylight Openflow OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to "fake LLDP injection." | 7.5 |
| 2017-04-04 | CVE-2017-7414 | OS Command Injection vulnerability in Horde Groupware In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. | 7.5 |
| 2017-04-04 | CVE-2017-7413 | OS Command Injection vulnerability in Horde Groupware In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | 8.8 |
| 2017-04-04 | CVE-2017-7398 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link Dir-615 Firmware 20.09 D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. | 8.8 |
| 2017-04-04 | CVE-2017-7228 | Improper Validation of Array Index vulnerability in XEN An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. | 8.2 |
| 2017-04-04 | CVE-2017-5683 | Unspecified vulnerability in Intel Hardware Accelerated Execution Manager 6.0.4 Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. | 7.8 |
| 2017-04-04 | CVE-2017-3204 | Unspecified vulnerability in Golang Crypto The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. | 8.1 |
| 2017-04-04 | CVE-2014-9922 | Permissions, Privileges, and Access Controls vulnerability in multiple products The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | 7.8 |
| 2017-04-04 | CVE-2017-7412 | Unspecified vulnerability in Nixos 17.03 NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands. | 7.8 |
| 2017-04-03 | CVE-2017-7397 | Resource Exhaustion vulnerability in Backbox Linux 4.6 BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). | 7.5 |