Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-07 | CVE-2016-3180 | 7PK - Security Features vulnerability in TOR Browser Launcher Project TOR Browser Launcher 0.2.3 Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | 8.1 |
| 2017-02-07 | CVE-2016-3063 | Improper Encoding or Escaping of Output vulnerability in Netapp Oncommand System Manager Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors. | 7.5 |
| 2017-02-07 | CVE-2016-1894 | Improper Access Control vulnerability in Netapp Oncommand Workflow Automation 2.2.1/3.0/3.1 NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors. | 8.1 |
| 2017-02-07 | CVE-2016-1502 | Improper Authentication vulnerability in Netapp Snapcenter Server 1.0 NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | 7.3 |
| 2017-02-07 | CVE-2015-8544 | Information Exposure vulnerability in Netapp Snapdrive NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | 7.5 |
| 2017-02-07 | CVE-2015-8322 | Unspecified vulnerability in Netapp Data Ontap 8.3/8.3.1 NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors. | 8.8 |
| 2017-02-07 | CVE-2015-7599 | Integer Overflow or Wraparound vulnerability in Windriver Vxworks Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. | 8.1 |
| 2017-02-07 | CVE-2016-6104 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system. | 7.2 |
| 2017-02-07 | CVE-2016-7164 | Improper Input Validation vulnerability in Libtorrent 1.1 The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. | 7.5 |
| 2017-02-07 | CVE-2016-6131 | Improper Input Validation vulnerability in GNU Libiberty The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. | 7.5 |