Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor(s) | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-02-09 | CVE-2016-5727 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 | LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | network | low | simplemachines | CWE-94 | 8.8 |
| 2017-02-09 | CVE-2016-4986 | Path Traversal vulnerability in Jenkins TAP | Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter. | network | low | jenkins | CWE-22 | 7.5 |
| 2017-02-09 | CVE-2016-3102 | 7PK - Security Features vulnerability in Jenkins Script Security | The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. | network | low | jenkins | CWE-254 | 7.3 |
| 2017-02-09 | CVE-2016-2147 | Integer Overflow or Wraparound vulnerability in multiple products | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. | network | low | busybox, debian, canonical | CWE-190 | 7.5 |
| 2017-02-09 | CVE-2016-10199 | Out-of-bounds Read vulnerability in Gstreamer Project Gstreamer | The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value. | network | low | gstreamer-project | CWE-125 | 7.5 |
| 2017-02-09 | CVE-2015-8832 | Improper Access Control vulnerability in Dotclear | Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | network | low | dotclear | CWE-284 | 8.8 |
| 2017-02-09 | CVE-2015-6023 | Improper Access Control vulnerability in Netcommwireless Hspa 3G10Wve Firmware 3G10Wvel101S306Etsc01R03 | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. | network | low | netcommwireless | CWE-284 | 7.3 |
| 2017-02-08 | CVE-2016-5934 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Storage Manager Fastback | IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. | local | low | ibm | CWE-264 | 7.3 |
| 2017-02-08 | CVE-2016-0214 | Improper Access Control vulnerability in IBM Bigfix Platform | IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. | local | low | ibm | CWE-284 | 7.8 |
| 2017-02-08 | CVE-2017-0450 | Unspecified vulnerability in Google Android | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. | local | low | google | | 7.8 |