Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-25 | CVE-2018-8990 | Improper Input Validation vulnerability in Windows Optimization Master Project Windows Optimization Master 7.99.13.604 In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002010. | 7.8 |
| 2018-03-25 | CVE-2018-8989 | Improper Input Validation vulnerability in Windows Optimization Master Project Windows Optimization Master 7.99.13.604 In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002006. | 7.8 |
| 2018-03-25 | CVE-2018-8988 | Improper Input Validation vulnerability in Windows Optimization Master Project Windows Optimization Master 7.99.13.604 In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002008. | 7.8 |
| 2018-03-24 | CVE-2018-8972 | Cross-Site Request Forgery (CSRF) vulnerability in Creditwestbank Cwcms Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. | 8.8 |
| 2018-03-24 | CVE-2018-8970 | Improper Certificate Validation vulnerability in Openbsd Libressl 2.7.0 The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |
| 2018-03-24 | CVE-2018-8969 | Path Traversal vulnerability in Zzcms 8.2 An issue was discovered in zzcms 8.2. | 7.5 |
| 2018-03-24 | CVE-2018-8968 | Path Traversal vulnerability in Zzcms 8.2 An issue was discovered in zzcms 8.2. | 7.5 |
| 2018-03-24 | CVE-2018-8966 | Code Injection vulnerability in Zzcms 8.2 An issue was discovered in zzcms 8.2. | 7.5 |
| 2018-03-24 | CVE-2018-8965 | Path Traversal vulnerability in Zzcms 8.2 An issue was discovered in zzcms 8.2. | 7.5 |
| 2018-03-24 | CVE-2017-17751 | Unspecified vulnerability in Bose Soundtouch Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol. | 8.8 |