Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-0006 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. | 7.8 |
| 2017-03-17 | CVE-2017-0005 | Unspecified vulnerability in Microsoft products The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047. | 7.8 |
| 2017-03-17 | CVE-2017-0001 | Unspecified vulnerability in Microsoft products The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047. | 7.8 |
| 2017-03-16 | CVE-2017-6952 | Integer Overflow or Wraparound vulnerability in Capstone-Engine Capstone 3.0.4 Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or possibly have unspecified other impact via a large value. | 8.8 |
| 2017-03-16 | CVE-2017-6949 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Call-Cc Chicken 4.12.0 An issue was discovered in CHICKEN Scheme through 4.12.0. | 8.1 |
| 2017-03-16 | CVE-2017-5643 | Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | 7.4 |
| 2017-03-16 | CVE-2017-5617 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file. | 7.4 |
| 2017-03-16 | CVE-2017-6510 | Path Traversal vulnerability in Efssoft Easy File Sharing FTP Server 3.6 Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. | 7.5 |
| 2017-03-16 | CVE-2017-6381 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Drupal A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. | 8.1 |
| 2017-03-16 | CVE-2017-6379 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. | 7.5 |