Vulnerabilities > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2017-06-05 | CVE-2017-8837 | Insufficiently Protected Credentials vulnerability in Peplink products | critical (9.8)
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network | low complexity | peplink | CWE-522

2017-06-05 | CVE-2017-8835 | SQL Injection vulnerability in Peplink products | critical (9.8)
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network | low complexity | peplink | CWE-89

2017-06-05 | CVE-2017-9430 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dnstracer Project Dnstracer 1.9 | critical (9.8)
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0].
network | low complexity | dnstracer-project | CWE-119

2017-06-05 | CVE-2017-9433 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libmwaw Project Libmwaw 0.3.11 | critical (9.8)
Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx.
network | low complexity | libmwaw-project | CWE-119

2017-06-05 | CVE-2017-9432 | Out-of-bounds Write vulnerability in Libstaroffice Project Libstaroffice 0.0.3 | critical (9.8)
Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.
network | low complexity | libstaroffice-project | CWE-787

2017-06-05 | CVE-2017-9431 | Out-of-bounds Write vulnerability in Grpc | critical (9.8)
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
network | low complexity | grpc | CWE-787

2017-06-04 | CVE-2017-9417 | Unspecified vulnerability in Broadcom Bcm43Xx Wi-Fi Chipset Firmware | critical (9.8)
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
network | low complexity | broadcom

2017-06-02 | CVE-2017-9364 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS | critical (9.8)
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
network | low complexity | bigtreecms | CWE-434

2017-06-02 | CVE-2017-9363 | Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4 | critical (9.8)
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.
network | low complexity | soffid | CWE-502

2017-06-02 | CVE-2017-9360 | SQL Injection vulnerability in Websitebaker 2.10.0 | critical (9.8)
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
network | low complexity | websitebaker | CWE-89