Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-21 CVE-2016-2433 Improper Access Control vulnerability in Google Android
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.
low complexity
google CWE-284
8.8
2017-04-21 CVE-2016-2347 Integer Overflow or Wraparound vulnerability in multiple products
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
local
low complexity
opensuse debian lhasa-project CWE-190
7.8
2017-04-21 CVE-2016-1561 Information Exposure vulnerability in Exagrid products
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
network
low complexity
exagrid CWE-200
7.5
2017-04-21 CVE-2016-1520 7PK - Security Features vulnerability in Grandstream Wave 1.0.1.26
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use HTTPS when retrieving update information, which might allow man-in-the-middle attackers to execute arbitrary code via a crafted application.
local
low complexity
grandstream CWE-254
7.8
2017-04-21 CVE-2016-1518 Improper Access Control vulnerability in Grandstream Wave 1.0.1.26
The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 and earlier for Android and Grandstream Video IP phones allows man-in-the-middle attackers to spoof provisioning data and consequently modify device functionality, obtain sensitive information from system logs, and have unspecified other impact by leveraging failure to use an HTTPS session for downloading configuration files from http://fm.grandstream.com/gs/.
network
high complexity
grandstream CWE-284
8.1
2017-04-21 CVE-2017-8050 Unspecified vulnerability in Tenable Appliance
Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web UI that allows for the unauthorized manipulation of the admin password.
network
low complexity
tenable
7.5
2017-04-21 CVE-2016-1559 Information Exposure vulnerability in D-Link products
D-Link DAP-1353 H/W vers.
network
high complexity
d-link CWE-200
8.1
2017-04-21 CVE-2016-1556 Information Exposure vulnerability in Netgear products
Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.
network
low complexity
netgear CWE-200
7.5
2017-04-21 CVE-2016-10091 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unrtf Project Unrtf 0.21.9
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial of service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.
network
low complexity
unrtf-project CWE-119
7.5
2017-04-21 CVE-2016-0721 Session Fixation vulnerability in multiple products
Session fixation vulnerability in pcsd in pcs before 0.9.157.
network
low complexity
clusterlabs redhat fedoraproject CWE-384
8.1