Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-01 CVE-2016-1608 Improper Access Control vulnerability in Novell Filr 1.2/2.0
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
network
low complexity
novell CWE-284
8.8
2016-08-01 CVE-2016-1607 Cross-Site Request Forgery (CSRF) vulnerability in Novell Filr 1.2/2.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
network
low complexity
novell CWE-352
7.2
2016-08-01 CVE-2016-1461 Improper Input Validation vulnerability in Cisco Asyncos
Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.
network
low complexity
cisco CWE-20
7.5
2016-07-28 CVE-2016-4469 Cross-Site Request Forgery (CSRF) vulnerability in Apache Archiva
Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add new repository proxy connectors via the token parameter to admin/addProxyConnector_commit.action, (2) new repositories via the token parameter to admin/addRepository_commit.action, (3) edit existing repositories via the token parameter to admin/editRepository_commit.action, (4) add legacy artifact paths via the token parameter to admin/addLegacyArtifactPath_commit.action, (5) change the organizational appearance via the token parameter to admin/saveAppearance.action, or (6) upload new artifacts via the token parameter to upload_submit.action.
network
low complexity
apache CWE-352
8.8
2016-07-28 CVE-2016-4531 Improper Authorization vulnerability in Rockwellautomation Factorytalk Energymetrix 2.10.00
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon a logout action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
network
low complexity
rockwellautomation CWE-285
7.3
2016-07-28 CVE-2016-1463 Improper Input Validation vulnerability in Cisco Firesight System Software
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
network
low complexity
cisco CWE-20
7.5
2016-07-28 CVE-2016-1374 Improper Input Validation vulnerability in Cisco Unified Computing System Performance Manager
The web framework in Cisco Unified Computing System (UCS) Performance Manager 2.0.0 and earlier allows remote authenticated users to execute arbitrary commands via crafted parameters in a GET request, aka Bug ID CSCuy07827.
network
low complexity
cisco CWE-20
8.8
2016-07-26 CVE-2015-5738 Information Exposure vulnerability in multiple products
The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
network
low complexity
marvell f5 CWE-200
7.5
2016-07-26 CVE-2016-6152
CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
network
low complexity
ca broadcom
8.8
2016-07-26 CVE-2016-6151 Unspecified vulnerability in CA Ehealth 6.2/6.2.1/6.2.2
CA eHealth 6.2.x allows remote authenticated users to cause a denial of service or possibly execute arbitrary commands via unspecified vectors.
network
low complexity
ca
8.8