Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-14 | CVE-2016-8027 | SQL Injection vulnerability in Mcafee Epolicy Orchestrator SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. | 10.0 |
| 2017-03-14 | CVE-2014-9921 | Permissions, Privileges, and Access Controls vulnerability in Mcafee Cloud Analysis and Deconstructive Services 1.0.0.3/1.0.0.4D Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. | 9.8 |
| 2017-03-14 | CVE-2017-5668 | NULL Pointer Dereference vulnerability in Bitlbee and Bitlbee-Libpurple bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. | 9.8 |
| 2017-03-14 | CVE-2016-10188 | Use After Free vulnerability in Bitlbee Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire. | 9.8 |
| 2017-03-14 | CVE-2013-4659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. | 9.8 |
| 2017-03-13 | CVE-2017-6080 | Cross-Site Request Forgery (CSRF) vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. | 9.8 |
| 2017-03-13 | CVE-2017-5929 | Deserialization of Untrusted Data vulnerability in multiple products QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. | 9.8 |
| 2017-03-13 | CVE-2017-5674 | Information Exposure vulnerability in Embedthis Goahead A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. | 9.8 |
| 2017-03-13 | CVE-2017-5619 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 9.8 |
| 2017-03-12 | CVE-2017-5626 | Unspecified vulnerability in Oneplus Oxygenos 3.2.8/3.5.4 OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. | 9.8 |