Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-09 CVE-2017-16363 Out-of-bounds Read vulnerability in Adobe products
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.
network
low complexity
adobe CWE-125
8.8
2017-12-09 CVE-2017-16362 Out-of-bounds Read vulnerability in Adobe products
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.
network
low complexity
adobe CWE-125
8.8
2017-12-09 CVE-2017-16360 Use After Free vulnerability in Adobe products
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions.
network
low complexity
adobe CWE-416
8.8
2017-12-08 CVE-2017-11480 Unspecified vulnerability in Elasticsearch Packetbeat
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler.
network
low complexity
elasticsearch
7.5
2017-12-08 CVE-2017-12823 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kaspersky Embedded Systems Security 1.2.0.300/2.0.0.385
Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.
local
low complexity
kaspersky CWE-119
7.8
2017-12-08 CVE-2017-16921 OS Command Injection vulnerability in multiple products
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
network
low complexity
otrs debian CWE-78
8.8
2017-12-08 CVE-2017-10893 Untrusted Search Path vulnerability in J-Lis the Public Certification Service for Individuals 3.1
Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
j-lis CWE-426
7.8
2017-12-08 CVE-2017-11940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution.
local
low complexity
microsoft CWE-119
7.8
2017-12-08 CVE-2017-17475 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068.
local
low complexity
tgsoft CWE-119
7.8
2017-12-08 CVE-2017-17474 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tgsoft Vir.It Explorer 8.5.42
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730070.
local
low complexity
tgsoft CWE-119
7.8