Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-03-28 CVE-2014-6440 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC 2.1.4
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
network
low complexity
videolan CWE-119
critical
9.8
2017-03-28 CVE-2016-10152 Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod
The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache.
network
low complexity
hesiod-project CWE-264
critical
9.8
2017-03-28 CVE-2016-9470 7PK - Security Features vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download.
network
low complexity
revive-adserver CWE-254
critical
9.0
2017-03-28 CVE-2016-9125 Session Fixation vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication.
network
low complexity
revive-adserver CWE-384
critical
9.8
2017-03-28 CVE-2016-9124 Improper Authentication vulnerability in Revive-Adserver Revive Adserver
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts.
network
low complexity
revive-adserver CWE-287
critical
9.8
2017-03-28 CVE-2016-9121 Inadequate Encryption Strength vulnerability in Go-Jose Project Go-Jose
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm.
network
low complexity
go-jose-project CWE-326
critical
9.1
2017-03-27 CVE-2017-7191 Use After Free vulnerability in Irssi
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
network
low complexity
irssi CWE-416
critical
9.8
2017-03-27 CVE-2017-6542 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
network
low complexity
putty opensuse-project opensuse CWE-119
critical
9.8
2017-03-27 CVE-2017-7269 Classic Buffer Overflow vulnerability in Microsoft Internet Information Services 6.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
network
low complexity
microsoft CWE-120
critical
9.8
2017-03-27 CVE-2017-6013 SQL Injection vulnerability in Intelliants Subrion CMS 4.0.5.10
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
network
low complexity
intelliants CWE-89
critical
9.8