Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-23 | CVE-2016-5747 | Improper Access Control vulnerability in Novell Edirectory A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies. | 7.5 |
| 2017-03-23 | CVE-2016-1602 | Code Injection vulnerability in Suse products A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | 7.8 |
| 2017-03-23 | CVE-2016-1597 | Permissions, Privileges, and Access Controls vulnerability in Netiq Access Governance Suite A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | 8.8 |
| 2017-03-23 | CVE-2017-7235 | Improper Input Validation vulnerability in Cloudflare-Scrape Project Cloudflare-Scrape An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. | 8.8 |
| 2017-03-22 | CVE-2017-3864 | Unspecified vulnerability in Cisco IOS A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 8.6 |
| 2017-03-22 | CVE-2017-3859 | Use of Externally-Controlled Format String vulnerability in Cisco IOS XE A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2017-03-22 | CVE-2017-3858 | Improper Input Validation vulnerability in Cisco IOS XE 16.2/16.2.1 A vulnerability in the web framework of Cisco IOS XE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges. | 8.8 |
| 2017-03-22 | CVE-2017-3857 | Resource Exhaustion vulnerability in Cisco IOS A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2017-03-22 | CVE-2017-3856 | Resource Exhaustion vulnerability in Cisco IOS XE A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. | 7.5 |
| 2017-03-22 | CVE-2017-3852 | Improper Input Validation vulnerability in Cisco IOX 1.1.0/1.1(0) A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected device. | 8.1 |