Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-28 CVE-2018-1083 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality.
local
low complexity
zsh canonical debian redhat CWE-119
7.8
2018-03-28 CVE-2018-9108 Cross-Site Request Forgery (CSRF) vulnerability in Quickappscms Quickapps CMS 2.0.0
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.
network
low complexity
quickappscms CWE-352
8.8
2018-03-28 CVE-2018-9107 Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acymailing
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export.
network
low complexity
acyba CWE-1236
8.8
2018-03-28 CVE-2018-9106 Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acysms
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export.
network
low complexity
acyba CWE-1236
8.8
2018-03-27 CVE-2018-9105 Improper Authentication vulnerability in Nordvpn 3.3.10
NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability.
network
low complexity
nordvpn CWE-287
8.8
2018-03-27 CVE-2018-9092 Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.10
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
network
low complexity
1234n CWE-352
8.8
2018-03-27 CVE-2018-1327 Unspecified vulnerability in Apache Struts
The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack via a malicious request with a specially crafted XML payload.
network
low complexity
apache
7.5
2018-03-27 CVE-2018-1238 OS Command Injection vulnerability in Dell EMC Scaleio
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA).
network
high complexity
dell CWE-78
7.5
2018-03-27 CVE-2018-1205 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell EMC Scaleio
Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service.
network
low complexity
dell CWE-119
7.5
2018-03-27 CVE-2018-7700 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
network
low complexity
dedecms CWE-352
8.8