Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-31 CVE-2017-16945 Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ
The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path.
local
low complexity
haystacksoftware CWE-732
7.8
2018-01-31 CVE-2017-16928 Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
local
low complexity
haystacksoftware CWE-732
7.8
2018-01-31 CVE-2017-15656 Insufficiently Protected Credentials vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.
network
low complexity
asus CWE-522
8.8
2018-01-31 CVE-2017-15654 Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743
Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.
network
high complexity
asus CWE-330
8.3
2018-01-31 CVE-2017-15653 Insufficient Session Expiration vulnerability in Asus Asuswrt
Improper administrator IP validation after login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user who knows the administrator session token to execute any action by using a specific User-Agent string.
network
low complexity
asus CWE-613
8.8
2018-01-31 CVE-2018-6475 Untrusted Search Path vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges.
local
low complexity
superantispyware CWE-426
7.8
2018-01-31 CVE-2018-6474 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6473 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6472 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c.
local
low complexity
superantispyware CWE-20
7.8
2018-01-31 CVE-2018-6471 Improper Input Validation vulnerability in Superantispyware 6.0.1254
In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078.
local
low complexity
superantispyware CWE-20
7.8