Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-20 CVE-2016-4927 Improper Input Validation vulnerability in Juniper Junos Space
Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.
network
high complexity
juniper CWE-20
8.1
2017-03-20 CVE-2016-6816 Improper Input Validation vulnerability in Apache Tomcat
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters.
network
low complexity
apache CWE-20
7.1
2017-03-20 CVE-2017-6803 Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds FTP Voyager 16.2.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
network
low complexity
solarwinds CWE-352
8.8
2017-03-20 CVE-2017-6318 Information Exposure vulnerability in multiple products
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
network
low complexity
opensuse sane-backends-project CWE-200
7.5
2017-03-20 CVE-2017-6178 NULL Pointer Dereference vulnerability in Usbpcap Project Usbpcap 1.1.0.0
The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference.
local
low complexity
usbpcap-project CWE-476
7.8
2017-03-20 CVE-2017-6058 Classic Buffer Overflow vulnerability in Qemu
Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.
network
low complexity
qemu CWE-120
7.5
2017-03-20 CVE-2017-5618 Incorrect Authorization vulnerability in GNU Screen
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.
local
low complexity
gnu CWE-863
7.8
2017-03-20 CVE-2017-1151 Unspecified vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID Connect (OIDC) configured with a Trust Association Interceptor (TAI) could allow a user to gain elevated privileges on the system.
network
high complexity
ibm
8.1
2017-03-20 CVE-2017-1145 Improper Resource Shutdown or Release vulnerability in IBM Websphere MQ 8.0.0.6
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion.
network
low complexity
ibm CWE-404
8.6
2017-03-20 CVE-2017-1134 Unspecified vulnerability in IBM Power Hardware Management Console 3.3.2/4.1
IBM Reliable Scalable Cluster Technology could allow a local user to escalate their privileges to gain root access.
local
low complexity
ibm
7.8