Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-02-09 | CVE-2016-3102 | 7PK - Security Features vulnerability in Jenkins Script Security | The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | jenkins | CWE-254 | network, low complexity, 7.3 |
| 2017-02-09 | CVE-2016-2147 | Integer Overflow or Wraparound vulnerability in multiple products | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. | busybox, debian, canonical | CWE-190 | network, low complexity, 7.5 |
| 2017-02-09 | CVE-2016-10199 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. | gstreamer-project | CWE-125 | network, low complexity, 7.5 |
| 2017-02-09 | CVE-2015-8832 | Improper Access Control vulnerability in Dotclear | Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | dotclear | CWE-284 | network, low complexity, 8.8 |
| 2017-02-09 | CVE-2015-6023 | Improper Access Control vulnerability in Netcommwireless Hspa 3G10Wve Firmware 3G10Wvel101S306Etsc01R03 | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. | netcommwireless | CWE-284 | network, low complexity, 7.3 |
| 2017-02-08 | CVE-2016-5934 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager Fastback | IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. | ibm | CWE-264 | local, low complexity, 7.3 |
| 2017-02-08 | CVE-2016-0214 | Improper Access Control vulnerability in IBM Bigfix Platform | IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. | ibm | CWE-284 | local, low complexity, 7.8 |
| 2017-02-08 | CVE-2017-0450 | Unspecified vulnerability in Google Android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | google | | local, low complexity, 7.8 |
| 2017-02-08 | CVE-2017-0449 | | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | google, linux | | local, high complexity, 7.0 |
| 2017-02-08 | CVE-2017-0447 | | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | google, linux | | local, high complexity, 7.0 |