Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-16 | CVE-2017-6377 | Incorrect Authorization vulnerability in Drupal: When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass. | 7.5 |
2017-03-15 | CVE-2017-3854 | Improper Authentication vulnerability in Cisco products: A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. | 8.8 |
2017-03-15 | CVE-2017-3846 | Improper Input Validation vulnerability in Cisco Tidal Enterprise Scheduler: A vulnerability in the Client Manager Server of Cisco Workload Automation and Cisco Tidal Enterprise Scheduler could allow an unauthenticated, remote attacker to retrieve any file from the Client Manager Server. | 8.6 |
2017-03-15 | CVE-2017-3819 | Missing Authentication for Critical Function vulnerability in Cisco ASR 5000 Series Software and Virtualized Packet Core: A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. | 8.8 |
2017-03-15 | CVE-2015-8982 | Integer Overflow or Wraparound vulnerability in GNU Glibc: Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | 8.1 |
2017-03-15 | CVE-2015-8895 | Integer Overflow or Wraparound vulnerability in Imagemagick: Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow. | 7.5 |
2017-03-15 | CVE-2017-6914 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8/4.2.16: CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. | 7.1 |
2017-03-15 | CVE-2017-6429 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Broadcom Tcpreplay: Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. | 7.8 |
2017-03-15 | CVE-2017-6189 | Untrusted Search Path vulnerability in Amazon Kindle for PC 1.17.44183/1.3.0.30884: Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working directory of the Kindle Setup installer. | 7.3 |
2017-03-15 | CVE-2017-5580 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Virglrenderer Project Virglrenderer 0.2.0/0.4.0/0.5.0: The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction. | 7.1 |