Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-03-07 | CVE-2016-6241 | Integer Overflow or Wraparound vulnerability in OpenBSD 5.8/5.9 | Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | 7.8 |
2017-03-07 | CVE-2016-6240 | Numeric Errors vulnerability in OpenBSD 5.8/5.9 | Integer truncation error in the amap_alloc function in OpenBSD 5.8 and 5.9 allows local users to execute arbitrary code with kernel privileges via a large size value. | 7.8 |
2017-03-07 | CVE-2016-4950 | Information Exposure vulnerability in Cloudera Manager | Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions. | 7.5 |
2017-03-07 | CVE-2016-4949 | Information Exposure vulnerability in Cloudera Manager | Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs. | 7.5 |
2017-03-07 | CVE-2016-9164 | Path Traversal vulnerability in CA Unified Infrastructure Management | Directory traversal vulnerability in diag.jsp file in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) 8.4 SP1 and earlier and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
2017-03-07 | CVE-2016-6244 | Improper Input Validation vulnerability in OpenBSD 5.9 | The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative "ts.tv_sec" value. | 7.5 |
2017-03-06 | CVE-2017-6411 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DSL-2730U Firmware IN_1.00 | Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password. | 8.8 |
2017-03-06 | CVE-2017-5999 | Inadequate Encryption Strength vulnerability in sysPass 2.0 | An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. | 7.5 |
2017-03-06 | CVE-2017-5633 | Cross-Site Request Forgery (CSRF) vulnerability in D-Link DI-524 Firmware 9.01 | Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. | 8.0 |
2017-03-06 | CVE-2016-10244 | Out-of-bounds Read vulnerability in multiple products | The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file. | 7.8 |