Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-2279 | Untrusted Search Path vulnerability in Kiri Tween Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-08-02 | CVE-2017-2138 | Cross-Site Request Forgery (CSRF) vulnerability in Cs-Cart and Cs-Cart Multivendor Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-08-02 | CVE-2017-11364 | Improper Certificate Validation vulnerability in Joomla Joomla! The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | 8.8 |
| 2017-08-01 | CVE-2017-8663 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Outlook Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability" | 7.8 |
| 2017-08-01 | CVE-2017-8571 | Improper Input Validation vulnerability in Microsoft Outlook Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". | 7.8 |
| 2017-08-01 | CVE-2017-4921 | Unspecified vulnerability in VMWare Vcenter Server 6.5 VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. | 8.8 |
| 2017-08-01 | CVE-2017-11379 | Insufficient Verification of Data Authenticity vulnerability in Trendmicro Deep Discovery Director 1.1 Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1. | 7.5 |
| 2017-08-01 | CVE-2017-11135 | Missing Authorization vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 7.5 |
| 2017-08-01 | CVE-2017-11133 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Stashcat Heinekingmedia 0.0.80W/0.0.86W/1.7.5 An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. | 7.5 |
| 2017-08-01 | CVE-2017-11132 | Improper Certificate Validation vulnerability in Heinekingmedia Stashcat An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. | 7.5 |