Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-31 | CVE-2017-16945 | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 7.8 |
| 2018-01-31 | CVE-2017-16928 | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip. | 7.8 |
| 2018-01-31 | CVE-2017-15656 | Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743 Password are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt. | 8.8 |
| 2018-01-31 | CVE-2017-15654 | Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743 Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | 8.3 |
| 2018-01-31 | CVE-2017-15653 | Insufficient Session Expiration vulnerability in Asus Asuswrt Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | 8.8 |
| 2018-01-31 | CVE-2018-6475 | Untrusted Search Path vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | 7.8 |
| 2018-01-31 | CVE-2018-6474 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. | 7.8 |
| 2018-01-31 | CVE-2018-6473 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. | 7.8 |
| 2018-01-31 | CVE-2018-6472 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. | 7.8 |
| 2018-01-31 | CVE-2018-6471 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. | 7.8 |