Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-16 | CVE-2017-3190 | Improper Certificate Validation vulnerability in AXS Flash Seats: Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 7.5 |
2017-12-16 | CVE-2017-14092 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Scanmail 12.0: The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 12.0 web interface forms could allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain. | 8.8 |
2017-12-16 | CVE-2017-14091 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Scanmail 12.0: A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize an uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory. | 7.5 |
2017-12-16 | CVE-2017-11397 | Untrusted Search Path vulnerability in Trendmicro Encryption for Email 5.6.0.1073: A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. | 7.8 |
2017-12-16 | CVE-2017-17712 | Race Condition vulnerability in Linux Kernel: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. | 7.0 |
2017-12-15 | CVE-2017-14184 | Information Exposure vulnerability in Fortinet Forticlient: An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations. | 8.8 |
2017-12-15 | CVE-2017-16788 | Path Traversal vulnerability in Meinbergglobal Lantime Firmware: Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory. | 7.2 |
2017-12-15 | CVE-2017-16776 | Unspecified vulnerability in Mckesson Conserus Workflow Intelligence 2.0.2: Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. | 8.1 |
2017-12-15 | CVE-2017-17697 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor: The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 8.6 |
2017-12-15 | CVE-2017-17695 | SQL Injection vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel 1.0/20171116: Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | 8.8 |