Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-05-01 | CVE-2017-6520 | Channel and Path Errors vulnerability in Bose Soundtouch 30 | The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. | 9.1 |
2017-05-01 | CVE-2017-6519 | Origin Validation Error vulnerability in multiple products | avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. | 9.1 |
2017-04-30 | CVE-2017-8366 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ettercap Project Ettercap 0.8.2 | The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter. | 9.8 |
2017-04-30 | CVE-2017-8359 | Out-of-bounds Write vulnerability in Grpc | Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c. | 9.8 |
2017-04-30 | CVE-2017-8358 | Out-of-bounds Write vulnerability in Libreoffice | LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx. | 9.8 |
2017-04-29 | CVE-2017-6553 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Quest Privilege Manager for Unix 6.0.050 | Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon. | 9.8 |
2017-04-29 | CVE-2017-7945 | Information Exposure Through an Error Message vulnerability in Paloaltonetworks Pan-Os | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769. | 9.8 |
2017-04-28 | CVE-2016-8584 | Improper Access Control vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062 | Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value. | 9.8 |
2017-04-28 | CVE-2017-2142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata Wn-G300R3 Firmware 1.01/1.03 | Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
2017-04-28 | CVE-2017-2096 | OS Command Injection vulnerability in Smalruby Smalruby-Editor | smalruby-editor v0.4.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |