Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-12-14 | CVE-2017-7344 | Unspecified vulnerability in Fortinet Forticlient A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when the "VPN before logon" feature is enabled and an untrusted certificate chain. | 8.1 |
2017-12-14 | CVE-2017-17535 | Injection vulnerability in Gjots2 Project Gjots2 2.4.1 lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17534 | Injection vulnerability in Mensis Project Mensis 0.0.080507 uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17521. | 8.8 |
2017-12-14 | CVE-2017-17533 | Injection vulnerability in Tkabber Project Tkabber 1.1 default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17532 | Injection vulnerability in Kiwi Project Kiwi 1.9.22 examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17531 | Injection vulnerability in GNU Global 4.8.6 gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17530 | Injection vulnerability in Geomview 1.9.5 common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17529 | Injection vulnerability in Abisource Abiword 3.0.22 af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17528 | Injection vulnerability in Scummvm 1.9.0 backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |
2017-12-14 | CVE-2017-17527 | Injection vulnerability in multiple products delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. | 8.8 |