Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-07-05 | CVE-2017-10913 | Unspecified vulnerability in XEN | The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1. | 9.8 |
2017-07-05 | CVE-2017-10912 | Unspecified vulnerability in XEN | Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. | 10.0 |
2017-07-04 | CVE-2017-10804 | Missing Authentication for Critical Function vulnerability in Odoo 10.0/8.0/9.0 | In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 characters are truncated before reaching the database layer. | 9.8 |
2017-07-04 | CVE-2017-10807 | Improper Authentication vulnerability in Jabberd2 | JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | 9.8 |
2017-07-04 | CVE-2017-7317 | Information Exposure vulnerability in Humaxdigital Hg100R Firmware 2.0.6 | An issue was discovered on Humax Digital HG100 2.0.6 devices. | 9.8 |
2017-07-04 | CVE-2017-7315 | Insufficiently Protected Credentials vulnerability in Humaxdigital Hg100R Firmware 2.0.6 | An issue was discovered on Humax Digital HG100R 2.0.6 devices. | 9.8 |
2017-07-03 | CVE-2017-9248 | Insufficiently Protected Credentials vulnerability in multiple products | Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | 9.8 |
2017-07-03 | CVE-2017-7919 | Improper Authentication vulnerability in Newport Xps-Cx Firmware and Xps-Qx Firmware | An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. | 9.8 |
2017-07-03 | CVE-2017-8116 | OS Command Injection vulnerability in Teltonika products | The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. | 9.8 |
2017-07-01 | CVE-2017-10788 | Use After Free vulnerability in Dbd-Mysql Project Dbd-Mysql | The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. | 9.8 |