Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-23 | CVE-2017-6214 | Infinite Loop vulnerability in Linux Kernel The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. | 7.5 |
| 2017-02-23 | CVE-2016-8974 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-02-23 | CVE-2017-6206 | Information Exposure vulnerability in Dlink Websmart Dgs-1510 Series Firmware 1.31.B001 D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors. | 7.5 |
| 2017-02-22 | CVE-2017-5585 | Injection vulnerability in Opentext Documentum Content Server 7.3 OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. | 8.8 |
| 2017-02-22 | CVE-2016-9956 | Improper Access Control vulnerability in multiple products The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script. | 7.5 |
| 2017-02-22 | CVE-2016-8636 | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology. | 7.8 |
| 2017-02-22 | CVE-2014-4677 | Command Injection vulnerability in Gpgtools Libmacgpg 0.6 The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | 7.8 |
| 2017-02-22 | CVE-2017-3841 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. | 7.5 |
| 2017-02-22 | CVE-2017-3837 | Improper Input Validation vulnerability in Cisco Meeting Server An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | 8.1 |
| 2017-02-22 | CVE-2017-3835 | SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908) A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. | 8.8 |