Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2017-4909 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. | 7.8 |
| 2017-06-08 | CVE-2017-4908 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare Horizon View and Workstation VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. | 7.8 |
| 2017-06-08 | CVE-2017-7180 | Unquoted Search Path or Element vulnerability in Eduiq NET Monitor for Employees Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. | 7.3 |
| 2017-06-07 | CVE-2016-4973 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Libssp Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature. | 7.8 |
| 2017-06-07 | CVE-2015-8235 | Path Traversal vulnerability in Call-Cc Spiffy Directory traversal vulnerability in Spiffy before 5.4. | 7.5 |
| 2017-06-07 | CVE-2015-6240 | Link Following vulnerability in Redhat Ansible The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | 7.8 |
| 2017-06-07 | CVE-2015-5232 | Race Condition vulnerability in Cornelisnetworks Opa-Ff and Opa-Fm Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. | 8.1 |
| 2017-06-07 | CVE-2015-5175 | Improper Input Validation vulnerability in Apache CXF Fediz Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. | 7.5 |
| 2017-06-07 | CVE-2017-9355 | Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1 XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file. | 7.4 |
| 2017-06-07 | CVE-2017-7966 | Uncontrolled Search Path Element vulnerability in Schneider-Electric Somachine 2.1.0 A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. | 8.8 |