Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-31 | CVE-2017-15654 | Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743 Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | 8.3 |
| 2018-01-31 | CVE-2017-15653 | Insufficient Session Expiration vulnerability in Asus Asuswrt Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string. | 8.8 |
| 2018-01-31 | CVE-2018-6475 | Untrusted Search Path vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe allows DLL hijacking, leading to Escalation of Privileges. | 7.8 |
| 2018-01-31 | CVE-2018-6474 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402148. | 7.8 |
| 2018-01-31 | CVE-2018-6473 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402080. | 7.8 |
| 2018-01-31 | CVE-2018-6472 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40204c. | 7.8 |
| 2018-01-31 | CVE-2018-6471 | Improper Input Validation vulnerability in Superantispyware 6.0.1254 In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file (SASKUTIL.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402078. | 7.8 |
| 2018-01-31 | CVE-2018-6462 | Out-of-bounds Write vulnerability in Tracker-Software Pdf-Xchange Viewer and Viewer AX SDK Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document. | 7.8 |
| 2018-01-31 | CVE-2018-5996 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | 7.8 |
| 2018-01-31 | CVE-2014-1632 | Permission Issues vulnerability in Eventum Project Eventum htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. | 8.1 |