Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-28 | CVE-2017-7895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | 9.8 |
2017-04-27 | CVE-2017-8305 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in 13Thmonkey Udfclient. The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. | 9.8 |
2017-04-27 | CVE-2017-8307 | Unspecified vulnerability in Avast Antivirus. In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. | 9.8 |
2017-04-27 | CVE-2017-8297 | Path Traversal vulnerability in Simple-File-Manager Project Simple-File-Manager 20170419. A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component). | 9.8 |
2017-04-27 | CVE-2017-5135 | Unspecified vulnerability in Technicolor Dpc3928Sl Firmware D3928Slp1513A386C3420R55105160127A. Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. | 9.1 |
2017-04-27 | CVE-2017-3066 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 10.0/11.0/2016. Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. | 9.8 |
2017-04-27 | CVE-2017-8289 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Riot Project Riot. Stack-based buffer overflow in the ipv6_addr_from_str function in sys/net/network_layer/ipv6/addr/ipv6_addr_from_str.c in RIOT prior to 2017-04-25 allows local attackers, and potentially remote attackers, to cause a denial of service or possibly have unspecified other impact via a malformed IPv6 address. | 9.8 |
2017-04-27 | CVE-2017-8287 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freetype. FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c. | 9.8 |
2017-04-26 | CVE-2017-8283 | Path Traversal vulnerability in Debian Dpkg. dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. | 9.8 |
2017-04-25 | CVE-2017-8225 | Insufficiently Protected Credentials vulnerability in Wificam Wireless IP Camera (P2P) Firmware. On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. | 9.8 |