Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-24 | CVE-2015-8556 | Race Condition vulnerability in Qemu: Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. | 10.0 |
2017-03-23 | CVE-2017-6950 | Incorrect Permission Assignment for Critical Resource vulnerability in SAP GUI for Windows: SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended security policy restrictions and execute arbitrary code via crafted ABAP code, aka SAP Security Note 2407616. | 9.8 |
2017-03-23 | CVE-2017-6895 | XXE vulnerability in USB Pratirodh Project USB Pratirodh: USB Pratirodh allows remote attackers to conduct XML External Entity (XXE) attacks via XML data in usb.xml. | 9.8 |
2017-03-23 | CVE-2017-6517 | Uncontrolled Search Path Element vulnerability in Microsoft Skype 7.16.0.102: Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | 9.8 |
2017-03-23 | CVE-2015-8626 | Credentials Management vulnerability in Mediawiki: The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.8 |
2017-03-23 | CVE-2015-5729 | Information Exposure vulnerability in Samsung products: The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack. | 9.8 |
2017-03-23 | CVE-2015-4166 | Key Management Errors vulnerability in Cloudera KEY Trustee Server 5.4.2: Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | 9.8 |
2017-03-23 | CVE-2015-0855 | Code Injection vulnerability in Pitivi 0.94: The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | 9.8 |
2017-03-23 | CVE-2014-8731 | Deserialization of Untrusted Data vulnerability in PHPmemcachedadmin Project PHPmemcachedadmin 1.2.2: PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot. | 9.8 |
2017-03-23 | CVE-2014-7279 | Permissions, Privileges, and Access Controls vulnerability in Kankunit Konke Smart Plug Firmware K: The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | 9.8 |