Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-07 | CVE-2017-0561 | Out-of-bounds Write vulnerability in Linux Kernel 3.10/3.18: A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. | 9.8 |
2017-04-07 | CVE-2007-6760 | Improper Authentication vulnerability in Dataprobe Ibootbar Firmware 20070920: Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | 9.8 |
2017-04-07 | CVE-2007-6759 | Improper Authentication vulnerability in Dataprobe Ibootbar Firmware 20070920: Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | 9.8 |
2017-04-07 | CVE-2017-7581 | SQL Injection vulnerability in News System Project News System: SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. | 9.8 |
2017-04-07 | CVE-2017-7577 | Path Traversal vulnerability in Xiongmaitech Uc-Httpd: XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request. | 9.8 |
2017-04-06 | CVE-2017-7576 | Use of Hard-coded Credentials vulnerability in Dragonwavex Horizon Wireless Radio Firmware 1.01.03: DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. | 9.8 |
2017-04-06 | CVE-2017-7575 | Information Exposure vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware 1.3.3.3: Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus port (502/tcp). | 9.8 |
2017-04-06 | CVE-2017-7574 | Use of Hard-coded Credentials vulnerability in Schneider-Electric Modicon Tm221Ce16R Firmware and Somachine: Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. | 9.8 |
2017-04-06 | CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. | 9.8 |
2017-04-06 | CVE-2016-6809 | Deserialization of Untrusted Data vulnerability in Apache Nutch and Tika: Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. | 9.8 |