Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2017-04-24 | CVE-2017-3234 | Unspecified vulnerability in Oracle Automatic Service Request | Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). | network | low complexity | oracle | | critical | 9.8 |
| 2017-04-24 | CVE-2016-6903 | Permissions, Privileges, and Access Controls vulnerability in Lshell Project Lshell 0.9.16 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | network | low complexity | lshell-project | CWE-264 | critical | 9.9 |
| 2017-04-24 | CVE-2016-6902 | Permissions, Privileges, and Access Controls vulnerability in Lshell Project Lshell 0.9.16 | lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands. | network | low complexity | lshell-project | CWE-264 | critical | 9.9 |
| 2017-04-24 | CVE-2011-3428 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Quicktime 4.1.2/7.7.6 | Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code. | network | low complexity | apple | CWE-119 | critical | 9.8 |
| 2017-04-24 | CVE-2017-8105 | Out-of-bounds Write vulnerability in multiple products | FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c. | network | low complexity | freetype debian | CWE-787 | critical | 9.8 |
| 2017-04-24 | CVE-2015-7568 | SQL Injection vulnerability in Yeager CMS 1.2.1 | SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | network | low complexity | yeager | CWE-89 | critical | 9.8 |
| 2017-04-24 | CVE-2015-7247 | Information Exposure vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. | network | low complexity | d-link | CWE-200 | critical | 9.8 |
| 2017-04-24 | CVE-2015-7246 | Use of Hard-coded Credentials vulnerability in D-Link Dvg-N5402Sp Firmware W1000Cn00/W1000Cn03/W2000En00 | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. | network | low complexity | d-link | CWE-798 | critical | 9.8 |
| 2017-04-24 | CVE-2017-2320 | Information Exposure vulnerability in Juniper Northstar Controller 2.1.0 | A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials. | network | low complexity | juniper | CWE-200 | critical | 10.0 |
| 2017-04-24 | CVE-2014-9654 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted string, a related issue to CVE-2014-7923. | network | low complexity | google icu-project | CWE-119 | critical | 9.8 |