Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-21 | CVE-2016-1520 | 7PK - Security Features vulnerability in Grandstream Wave 1.0.1.26: The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application. | 7.8 |
2017-04-21 | CVE-2016-1518 | Improper Access Control vulnerability in Grandstream Wave 1.0.1.26: The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/. | 8.1 |
2017-04-21 | CVE-2017-8050 | Unspecified vulnerability in Tenable Appliance: Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password. | 7.5 |
2017-04-21 | CVE-2016-1559 | Information Exposure vulnerability in D-Link products: D-Link DAP-1353 H/W vers. | 8.1 |
2017-04-21 | CVE-2016-1556 | Information Exposure vulnerability in Netgear products: Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. | 7.5 |
2017-04-21 | CVE-2016-10091 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unrtf Project Unrtf 0.21.9: Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. | 7.5 |
2017-04-21 | CVE-2016-0721 | Session Fixation vulnerability in multiple products: Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 |
2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 |
2017-04-21 | CVE-2016-4846 | Untrusted Search Path vulnerability in Securebrain Phishwall Client 3.7.8.1: Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | 7.8 |
2017-04-21 | CVE-2016-1148 | Improper Certificate Validation vulnerability in Photosynth Akerun 1.2.3: Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | 8.1 |