Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-10 | CVE-2016-8237 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | 8.1 |
2017-04-10 | CVE-2016-8235 | Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development KIT 2.0.16 Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | 7.8 |
2017-04-10 | CVE-2016-10323 | Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | 7.8 |
2017-04-10 | CVE-2016-10322 | Command Injection vulnerability in Synology Photo Station Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | 8.8 |
2017-04-10 | CVE-2017-7622 | Missing Authorization vulnerability in Deepin Desktop Environment dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. | 8.8 |
2017-04-10 | CVE-2016-5041 | NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name. | 7.5 |
2017-04-10 | CVE-2017-7185 | Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library and Mongoose OS Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | 7.5 |
2017-04-10 | CVE-2017-5988 | Unspecified vulnerability in Netapp Clustered Data Ontap NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |
2017-04-10 | CVE-2016-6879 | Key Management Errors vulnerability in Botan Project Botan The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. | 7.5 |
2017-04-10 | CVE-2015-7825 | Unspecified vulnerability in Botan Project Botan botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | 7.5 |