Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-26 | CVE-2017-8540 | Out-of-bounds Write vulnerability in Microsoft products The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. | 7.8 |
| 2017-05-26 | CVE-2017-8538 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. | 7.8 |
| 2017-05-26 | CVE-2017-7505 | Improper Privilege Management vulnerability in Theforeman Foreman Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords. | 8.8 |
| 2017-05-26 | CVE-2017-9036 | Missing Authorization vulnerability in Trendmicro Serverprotect 3.0 Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory. | 7.8 |
| 2017-05-26 | CVE-2017-9035 | Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Serverprotect 3.0 Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers. | 7.4 |
| 2017-05-26 | CVE-2017-9033 | Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Serverprotect 3.0 Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens. | 8.8 |
| 2017-05-26 | CVE-2017-7439 | Information Exposure vulnerability in Netapp Oncommand Unified Manager Core Package NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might allow remote attackers to obtain sensitive information via vectors involving error messages. | 7.5 |
| 2017-05-26 | CVE-2017-7236 | SQL Injection vulnerability in Netapp Oncommand Unified Manager Core Package SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-05-25 | CVE-2016-5007 | Permissions, Privileges, and Access Controls vulnerability in multiple products Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. | 7.5 |
| 2017-05-25 | CVE-2016-4977 | Data Processing Errors vulnerability in Pivotal Spring Security Oauth When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code execution via the crafting of the value for response_type. | 8.8 |