Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-27 | CVE-2016-2572 | Improper Input Validation vulnerability in Squid-Cache Squid: http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | 7.5 |
2016-02-27 | CVE-2016-2571 | Improper Input Validation vulnerability in Squid-Cache Squid: http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. | 7.5 |
2016-02-27 | CVE-2016-2570 | Improper Input Validation vulnerability in Squid-Cache Squid: The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. | 7.5 |
2016-02-27 | CVE-2016-2569 | Improper Input Validation vulnerability in Squid-Cache Squid: Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | 7.5 |
2016-02-27 | CVE-2015-7262 | Source Code vulnerability in Qnap Iartist Lite and Signage Station: QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot. | 7.5 |
2016-02-27 | CVE-2015-6036 | Unspecified vulnerability in Qnap Signage Station 2.0.0: QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | 7.5 |
2016-02-27 | CVE-2015-6022 | Unspecified vulnerability in Qnap Signage Station 2.0: Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL. | 8.8 |
2016-02-26 | CVE-2016-1297 | OS Command Injection vulnerability in Cisco Application Control Engine Software: The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801. | 8.8 |
2016-02-25 | CVE-2016-0714 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | 8.8 |
2016-02-25 | CVE-2015-5351 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token. | 8.8 |