Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-21 | CVE-2016-1557 | Information Exposure vulnerability in Netgear products Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | 9.8 |
| 2017-04-21 | CVE-2016-1555 | Command Injection vulnerability in Netgear products (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 9.8 |
| 2017-04-20 | CVE-2017-5158 | Information Exposure vulnerability in Aveva Wonderware Intouch Access Anywhere 11.5.2 An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. | 9.8 |
| 2017-04-20 | CVE-2016-8721 | OS Command Injection vulnerability in Moxa Awk-3131A Firmware 1.1 An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. | 9.1 |
| 2017-04-20 | CVE-2016-5762 | Integer Overflow or Wraparound vulnerability in Novell Groupwise Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. | 9.8 |
| 2017-04-20 | CVE-2016-1219 | Improper Authentication vulnerability in Cybozu Garoon Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | 9.8 |
| 2017-04-20 | CVE-2017-7938 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mor-Pah.Net Dmitry Deepmagic Information Gathering Tool 1.3A Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. | 9.8 |
| 2017-04-19 | CVE-2017-7964 | Insecure Default Initialization of Resource vulnerability in Zyxel Wre6505 Firmware V1.00(Aaqb.3)C0 Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. | 10.0 |
| 2017-04-17 | CVE-2017-5645 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | 9.8 |
| 2017-04-17 | CVE-2017-5651 | Unspecified vulnerability in Apache Tomcat In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. | 9.8 |