Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-28 CVE-2017-7295 Use After Free vulnerability in Contiki-Os Contiki 3.0
An issue was discovered in Contiki Operating System 3.0.
network
low complexity
contiki-os CWE-416
7.5
2017-05-27 CVE-2017-7731 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
network
low complexity
fortinet CWE-640
7.5
2017-05-27 CVE-2017-7338 Information Exposure vulnerability in Fortinet Fortiportal
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
network
low complexity
fortinet CWE-200
7.5
2017-05-27 CVE-2017-3134 Improper Input Validation vulnerability in Fortinet Fortiwlc-Sd
An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'.
network
low complexity
fortinet CWE-20
7.2
2017-05-26 CVE-2017-8541 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption.
local
low complexity
microsoft CWE-119
7.8
2017-05-26 CVE-2017-8540 Out-of-bounds Write vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption.
local
low complexity
microsoft CWE-787
7.8
2017-05-26 CVE-2017-8538 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption.
local
low complexity
microsoft CWE-119
7.8
2017-05-26 CVE-2017-7505 Improper Privilege Management vulnerability in Theforeman Foreman
Foreman since version 1.5 is vulnerable to an incorrect authorization check due to which users with user management permission who are assigned to some organization(s) can do all operations granted by these permissions on all administrator user object outside of their scope, such as editing global admin accounts including changing their passwords.
network
low complexity
theforeman CWE-269
8.8
2017-05-26 CVE-2017-9036 Missing Authorization vulnerability in Trendmicro Serverprotect 3.0
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by leveraging an unrestricted quarantine directory.
local
low complexity
trendmicro CWE-862
7.8
2017-05-26 CVE-2017-9035 Cleartext Transmission of Sensitive Information vulnerability in Trendmicro Serverprotect 3.0
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.
network
high complexity
trendmicro CWE-319
7.4