Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-27 | CVE-2016-8385 | Out-of-bounds Write vulnerability in Iceni Argus 6.6.04 An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. | 7.8 |
| 2017-02-27 | CVE-2017-2683 | Cross-site Scripting vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions. | 8.2 |
| 2017-02-27 | CVE-2017-2682 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Ruggedcom Network Management Software 2.0.2 The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request. | 8.8 |
| 2017-02-27 | CVE-2017-6343 | Improper Authentication vulnerability in Dahuasecurity Camera Firmware, NVR Firmware and Smartpss Firmware The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. | 8.1 |
| 2017-02-27 | CVE-2017-5927 | Information Exposure vulnerability in multiple products Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. | 7.5 |
| 2017-02-27 | CVE-2017-5926 | Information Exposure vulnerability in multiple products Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. | 7.5 |
| 2017-02-27 | CVE-2017-5925 | Information Exposure vulnerability in multiple products Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. | 7.5 |
| 2017-02-26 | CVE-2017-0037 | Type Confusion vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | 8.1 |
| 2017-02-24 | CVE-2017-2791 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro 2016 JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. | 7.8 |
| 2017-02-24 | CVE-2016-4041 | Permissions, Privileges, and Access Controls vulnerability in Plone Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | 7.3 |