Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-28 | CVE-2014-6440 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Videolan VLC 2.1.4: VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service. | 9.8 |
2017-03-28 | CVE-2016-10152 | Permissions, Privileges, and Access Controls vulnerability in Hesiod Project Hesiod: The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | 9.8 |
2017-03-28 | CVE-2016-9470 | 7PK - Security Features vulnerability in Revive-Adserver Revive Adserver: Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. | 9.0 |
2017-03-28 | CVE-2016-9125 | Session Fixation vulnerability in Revive-Adserver Revive Adserver: Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. | 9.8 |
2017-03-28 | CVE-2016-9124 | Improper Authentication vulnerability in Revive-Adserver Revive Adserver: Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. | 9.8 |
2017-03-28 | CVE-2016-9121 | Inadequate Encryption Strength vulnerability in Go-Jose Project Go-Jose: go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. | 9.1 |
2017-03-27 | CVE-2017-7191 | Use After Free vulnerability in Irssi: The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | 9.8 |
2017-03-27 | CVE-2017-6542 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow. | 9.8 |
2017-03-27 | CVE-2017-7269 | Classic Buffer Overflow vulnerability in Microsoft Internet Information Services 6.0: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. | 9.8 |
2017-03-27 | CVE-2017-6013 | SQL Injection vulnerability in Intelliants Subrion CMS 4.0.5.10: Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. | 9.8 |