Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-09 | CVE-2016-3102 | 7PK - Security Features vulnerability in Jenkins Script Security The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | 7.3 |
2017-02-09 | CVE-2016-2147 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. | 7.5 |
2017-02-09 | CVE-2016-10199 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. | 7.5 |
2017-02-09 | CVE-2015-8832 | Improper Access Control vulnerability in Dotclear Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | 8.8 |
2017-02-09 | CVE-2015-6023 | Improper Access Control vulnerability in Netcommwireless Hspa 3G10Wve Firmware 3G10Wvel101S306Etsc01R03 ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. | 7.3 |
2017-02-08 | CVE-2016-5934 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager Fastback IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. | 7.3 |
2017-02-08 | CVE-2016-0214 | Improper Access Control vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. | 7.8 |
2017-02-08 | CVE-2017-0450 | Unspecified vulnerability in Google Android An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | 7.8 |
2017-02-08 | CVE-2017-0449 | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |
2017-02-08 | CVE-2017-0447 | An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. | 7.0 |