Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-06 | CVE-2017-14088 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Trendmicro Officescan and Officescan XG Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting tmwfp.sys. | 7.0 |
| 2017-10-06 | CVE-2017-14087 | Improper Input Validation vulnerability in Trendmicro Officescan 11.0/12.0 A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | 7.5 |
| 2017-10-06 | CVE-2017-14086 | Resource Exhaustion vulnerability in Trendmicro Officescan 11.0/12.0 Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests. | 7.5 |
| 2017-10-06 | CVE-2017-14084 | Unspecified vulnerability in Trendmicro Officescan 11.0/12.0 A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations. | 8.1 |
| 2017-10-06 | CVE-2017-14083 | Unspecified vulnerability in Trendmicro Officescan 11.0/12.0 A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | 7.5 |
| 2017-10-05 | CVE-2017-13998 | Insufficiently Protected Credentials vulnerability in Loytec Lvis-3Me Firmware 6.1.1 An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. | 7.5 |
| 2017-10-05 | CVE-2017-13996 | Path Traversal vulnerability in Loytec Lvis-3Me Firmware 6.1.1 A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. | 8.8 |
| 2017-10-05 | CVE-2017-13992 | Insufficient Entropy vulnerability in Loytec Lvis-3Me Firmware 6.1.1 An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. | 8.1 |
| 2017-10-05 | CVE-2017-2920 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pl32 Photoline 20.02 An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. | 7.8 |
| 2017-10-05 | CVE-2017-2880 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pl32 Photoline 20.02 An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. | 7.8 |