Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-12 CVE-2017-0106 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Outlook
Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
2017-04-12 CVE-2017-0093 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers.
network
high complexity
microsoft CWE-119
7.5
2017-04-12 CVE-2016-7958 Improper Input Validation vulnerability in Wireshark 2.2.0
In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-20
7.5
2017-04-12 CVE-2016-7957 Improper Input Validation vulnerability in Wireshark 2.2.0
In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file.
network
low complexity
wireshark CWE-20
7.5
2017-04-11 CVE-2017-7694 Code Injection vulnerability in Getsymphony Symphony
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end.
network
low complexity
getsymphony CWE-94
8.8
2017-04-11 CVE-2015-8666 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.
local
low complexity
qemu debian CWE-787
7.9
2017-04-11 CVE-2015-7893 Improper Input Validation vulnerability in Samsung Galaxy S6
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.
network
low complexity
samsung CWE-20
8.8
2017-04-11 CVE-2017-6088 SQL Injection vulnerability in Eyesofnetwork 4.23/4.30/5.0
Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php.
network
low complexity
eyesofnetwork CWE-89
7.2
2017-04-11 CVE-2016-4989 Command Injection vulnerability in multiple products
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0
2017-04-11 CVE-2016-4446 Command Injection vulnerability in multiple products
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
local
high complexity
setroubleshoot-project redhat CWE-77
7.0