Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-31 | CVE-2016-9707 | XXE vulnerability in IBM products IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-03-31 | CVE-2016-8917 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-03-31 | CVE-2017-3009 | Out-of-bounds Read vulnerability in Adobe products Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. | 7.5 |
| 2017-03-31 | CVE-2015-4624 | Improper Access Control vulnerability in Hak5 Wi-Fi Pineapple Firmware Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. | 7.5 |
| 2017-03-31 | CVE-2014-9114 | Command Injection vulnerability in multiple products Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | 7.8 |
| 2017-03-31 | CVE-2017-2647 | NULL Pointer Dereference vulnerability in Linux Kernel The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. | 7.8 |
| 2017-03-30 | CVE-2017-7253 | Insecure Storage of Sensitive Information vulnerability in Dahuasecurity IP Camera Firmware 3.200.0001.6 Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: 1. | 8.8 |
| 2017-03-30 | CVE-2017-6412 | Session Fixation vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310. | 8.1 |
| 2017-03-30 | CVE-2017-6183 | Command Injection vulnerability in Sophos web Appliance In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314. | 7.2 |
| 2017-03-30 | CVE-2017-5185 | Improper Input Validation vulnerability in Microfocus Sentinel 8.0/8.0.0.1 A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service. | 7.5 |