Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-23 | CVE-2016-10109 | Use After Free vulnerability in multiple products Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function. | 7.5 |
| 2017-02-23 | CVE-2017-6100 | Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | 7.5 |
| 2017-02-23 | CVE-2017-6214 | Infinite Loop vulnerability in Linux Kernel The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. | 7.5 |
| 2017-02-23 | CVE-2016-8974 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-02-23 | CVE-2017-6206 | Information Exposure vulnerability in Dlink Websmart Dgs-1510 Series Firmware 1.31.B001 D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. | 7.5 |
| 2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 8.8 |
| 2017-02-22 | CVE-2016-9956 | Improper Access Control vulnerability in multiple products The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | 7.5 |
| 2017-02-22 | CVE-2016-8636 | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. | 7.8 |
| 2017-02-22 | CVE-2014-4677 | Command Injection vulnerability in Gpgtools Libmacgpg 0.6 The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | 7.8 |
| 2017-02-22 | CVE-2017-3841 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. | 7.5 |