Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-8237 Permissions, Privileges, and Access Controls vulnerability in Lenovo Updates
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
network
high complexity
lenovo CWE-264
8.1
2017-04-10 CVE-2016-8235 Permissions, Privileges, and Access Controls vulnerability in Lenovo Customer Care Software Development KIT 2.0.16
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
local
low complexity
lenovo CWE-264
7.8
2017-04-10 CVE-2016-10323 Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
local
low complexity
synology CWE-264
7.8
2017-04-10 CVE-2016-10322 Command Injection vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
network
low complexity
synology CWE-77
8.8
2017-04-10 CVE-2017-7622 Missing Authorization vulnerability in Deepin Desktop Environment
dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus.
network
low complexity
deepin CWE-862
8.8
2017-04-10 CVE-2016-5041 NULL Pointer Dereference vulnerability in Libdwarf Project Libdwarf
dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
network
low complexity
libdwarf-project CWE-476
7.5
2017-04-10 CVE-2017-7185 Use After Free vulnerability in Cesanta Mongoose Embedded web Server Library and Mongoose OS
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
network
low complexity
cesanta CWE-416
7.5
2017-04-10 CVE-2017-5988 Unspecified vulnerability in Netapp Clustered Data Ontap
NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enabled, allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
netapp
7.5
2017-04-10 CVE-2016-6879 Key Management Errors vulnerability in Botan Project Botan
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value.
network
low complexity
botan-project CWE-320
7.5
2017-04-10 CVE-2015-7825 Unspecified vulnerability in Botan Project Botan
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
network
low complexity
botan-project
7.5