Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-04-06 CVE-2015-8965 Permissions, Privileges, and Access Controls vulnerability in multiple products
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code.
network
low complexity
perforce oracle CWE-264
critical
9.8
2017-04-06 CVE-2017-3834 Insecure Default Initialization of Resource vulnerability in Cisco Aironet Access Point Firmware
A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points running Cisco Mobility Express Software could allow an unauthenticated, remote attacker to take complete control of an affected device.
network
low complexity
cisco CWE-1188
critical
9.8
2017-04-06 CVE-2017-7237 Unspecified vulnerability in Spiceworks 7.5
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
network
low complexity
spiceworks
critical
9.8
2017-04-06 CVE-2017-0305 Unspecified vulnerability in F5 SSL Intercept iApp 1.5.0/1.5.7
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
network
low complexity
f5
critical
9.8
2017-04-05 CVE-2017-7450 Improper Authentication vulnerability in Airtame HDMI Dongle Firmware 2.1.1
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface.
network
low complexity
airtame CWE-287
critical
9.8
2017-04-04 CVE-2016-10229 Improperly Implemented Security Check for Standard vulnerability in multiple products
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
network
low complexity
linux google CWE-358
critical
9.8
2017-04-03 CVE-2017-7410 SQL Injection vulnerability in WebsiteBaker
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) display_name parameter.
network
low complexity
websitebaker CWE-89
critical
9.8
2017-04-03 CVE-2017-7402 Code Injection vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
network
low complexity
lucidcrew CWE-94
critical
9.8
2017-04-03 CVE-2017-5642 Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
network
low complexity
apache CWE-276
critical
9.8
2017-04-03 CVE-2014-3928 Improper Access Control vulnerability in LG Project LG
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
network
low complexity
lg-project CWE-284
critical
9.8