Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-27 | CVE-2018-7195 | Unspecified vulnerability in Osticket Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | 8.1 |
| 2018-03-27 | CVE-2018-6766 | Uncontrolled Search Path Element vulnerability in Swisscom Tvmediahelper 1.1.0.50 Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | 7.8 |
| 2018-03-27 | CVE-2018-6765 | Uncontrolled Search Path Element vulnerability in Swisscom Myswisscomassistant 2.17.1.1065 Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | 7.8 |
| 2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | 8.8 |
| 2018-03-27 | CVE-2018-8718 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | 8.0 |
| 2018-03-27 | CVE-2018-1267 | Incorrect Permission Assignment for Critical Resource vulnerability in Cloudfoundry Silk-Release 0.1.0 Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. | 8.1 |
| 2018-03-27 | CVE-2018-1266 | Use of Insufficiently Random Values vulnerability in Cloudfoundry Capi-Release Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. | 8.1 |
| 2018-03-27 | CVE-2018-1231 | Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Bosh CLI Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. | 8.8 |
| 2018-03-27 | CVE-2014-0486 | Improper Input Validation vulnerability in NIC Knot CMS Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | 7.5 |
| 2018-03-27 | CVE-2017-12310 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Spark Hybrid Calendar Service A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. | 7.5 |