Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-07 | CVE-2018-7739 | Improper Input Validation vulnerability in Antsle Antman: antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. | 9.8 |
2018-03-07 | CVE-2016-7443 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS: Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | 9.8 |
2018-03-07 | CVE-2016-5179 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome OS: Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. | 9.8 |
2018-03-06 | CVE-2018-5469 | Improper Restriction of Excessive Authentication Attempts vulnerability in Belden products: An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. | 9.8 |
2018-03-06 | CVE-2018-6809 | Unspecified vulnerability in Citrix products: NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. | 9.8 |
2018-03-06 | CVE-2018-6530 | OS Command Injection vulnerability in Dlink products: OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter. | 9.8 |
2018-03-06 | CVE-2018-1343 | Improper Authentication vulnerability in Netiq Privileged Account Manager: PAM exposure enabling unauthenticated access to remote host | 9.8 |
2018-03-06 | CVE-2015-5377 | Injection vulnerability in Elastic Elasticsearch: Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. | 9.8 |
2018-03-06 | CVE-2018-7732 | SQL Injection vulnerability in Yxtcmf 3.1: An issue was discovered in YxtCMF 3.1. | 9.8 |
2018-03-06 | CVE-2018-1000101 | Unspecified vulnerability in Mingw-W64 5.0.3: Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf. The bug may be used to corrupt subsequent string functions. | 9.8 |