Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-05 | CVE-2017-8837 | Insufficiently Protected Credentials vulnerability in Peplink products Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 9.8 |
| 2017-06-05 | CVE-2017-8835 | SQL Injection vulnerability in Peplink products SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 9.8 |
| 2017-06-05 | CVE-2017-9430 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dnstracer Project Dnstracer 1.9 Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. | 9.8 |
| 2017-06-05 | CVE-2017-9433 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libmwaw Project Libmwaw 0.3.11 Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx. | 9.8 |
| 2017-06-05 | CVE-2017-9432 | Out-of-bounds Write vulnerability in Libstaroffice Project Libstaroffice 0.0.3 Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx. | 9.8 |
| 2017-06-05 | CVE-2017-9431 | Out-of-bounds Write vulnerability in Grpc Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c. | 9.8 |
| 2017-06-04 | CVE-2017-9417 | Unspecified vulnerability in Broadcom Bcm43Xx Wi-Fi Chipset Firmware Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | 9.8 |
| 2017-06-02 | CVE-2017-9364 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 9.8 |
| 2017-06-02 | CVE-2017-9363 | Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4 Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 9.8 |
| 2017-06-02 | CVE-2017-9360 | SQL Injection vulnerability in Websitebaker 2.10.0 WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 9.8 |