Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-13 | CVE-2017-11769 | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability". | 7.8 |
| 2017-10-13 | CVE-2017-11763 | Improper Input Validation vulnerability in Microsoft products The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". | 8.8 |
| 2017-10-13 | CVE-2017-11762 | Improper Input Validation vulnerability in Microsoft products The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability". | 8.8 |
| 2017-10-13 | CVE-2016-5789 | Cross-Site Request Forgery (CSRF) vulnerability in Jantek Jtc-200 Firmware A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. | 8.0 |
| 2017-10-12 | CVE-2017-15290 | Cleartext Transmission of Sensitive Information vulnerability in Mirasys Video Management System Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data is required for the client functionality. | 7.5 |
| 2017-10-12 | CVE-2017-15268 | Missing Release of Resource after Effective Lifetime vulnerability in Qemu Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. | 7.5 |
| 2017-10-12 | CVE-2017-10865 | Untrusted Search Path vulnerability in Hitachi-Solutions Confidential File Decryption Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-10-12 | CVE-2017-10864 | Untrusted Search Path vulnerability in Hitachi-Solutions Confidential File Viewer Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-10-12 | CVE-2017-10863 | Untrusted Search Path vulnerability in Hitachi-Solutions Confidential File Decryption Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-10-12 | CVE-2017-9514 | Incorrect Permission Assignment for Critical Resource vulnerability in Atlassian Bamboo Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. | 8.8 |