Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-06 | CVE-2017-2675 | Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. | 7.8 |
| 2017-04-06 | CVE-2017-7192 | Improper Certificate Validation vulnerability in Starscream Project Starscream WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | 7.5 |
| 2017-04-06 | CVE-2017-6968 | Unspecified vulnerability in GMV Checker ATM Security GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. | 8.8 |
| 2017-04-06 | CVE-2017-6130 | Server-Side Request Forgery (SSRF) vulnerability in F5 SSL Intercept Iapp and SSL Orchestrator F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. | 7.4 |
| 2017-04-06 | CVE-2017-5887 | Improper Certificate Validation vulnerability in Starscream Project Starscream WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | 7.5 |
| 2017-04-05 | CVE-2017-7447 | Cross-Site Request Forgery (CSRF) vulnerability in Helpdezk 1.1.1 HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code. | 8.8 |
| 2017-04-05 | CVE-2017-7446 | Cross-Site Request Forgery (CSRF) vulnerability in Helpdezk 1.1.1 HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges. | 8.8 |
| 2017-04-05 | CVE-2017-7444 | Unspecified vulnerability in Veritas System Recovery 16 In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed. | 7.8 |
| 2017-04-05 | CVE-2016-6100 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-04-05 | CVE-2015-4680 | Improper Certificate Validation vulnerability in multiple products FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | 7.5 |