Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-31 CVE-2017-16928 Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
local
low complexity
haystacksoftware CWE-732
7.8
2018-01-31 CVE-2017-15656 Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
network
low complexity
asus CWE-522
8.8
2018-01-31 CVE-2017-15654 Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
network
high complexity
asus CWE-330
8.3
2018-01-31 CVE-2017-15653 Insufficient Session Expiration vulnerability in Asus Asuswrt
Improper administrator IP validation after login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user who knows the administrator session token to execute any action by using a specific User-Agent string.
network
low complexity
asus CWE-613
8.8
2018-01-31 CVE-2018-6475 Untrusted Search Path vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.
local
low complexity
superantispyware CWE-426
7.8
2018-01-31 CVE-2018-6474 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6473 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6472 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6471 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6462 Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Viewer and Viewer AX SDK
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document.
local
low complexity
tracker-software CWE-787
7.8