Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2018-03-19 CVE-2018-1171 Out-of-bounds Write vulnerability in multiple products
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z.
local
high complexity
joyent oracle CWE-787
7.0

2018-03-19 CVE-2018-8761 Unspecified vulnerability in Yxcms 1.4.7
protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.
network
low complexity
yxcms
7.5

2018-03-19 CVE-2018-7422 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Siteeditor Site Editor 1.0.0/1.1.0/1.1.1
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
network
low complexity
siteeditor CWE-829
7.5

2018-03-19 CVE-2018-6843 SQL Injection vulnerability in Kentico CMS
Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.
network
low complexity
kentico CWE-89
7.2

2018-03-19 CVE-2015-5350 Improper Access Control vulnerability in Cloudfoundry Garden 0.22.0/0.329.0
In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system.
network
low complexity
cloudfoundry CWE-284
7.5

2018-03-19 CVE-2014-3626 Path Traversal vulnerability in Grails Resources 1.2.0/1.2.12
The Grails Resource Plugin often has to exchange URIs for resources with other internal components.
network
low complexity
grails CWE-22
7.5

2018-03-18 CVE-2018-8769 Out-of-bounds Read vulnerability in Elfutils Project Elfutils 0.170
elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name function of libebl/ebldynamictagname.c because SYMTAB_SHNDX is unsupported.
local
low complexity
elfutils-project CWE-125
7.8

2018-03-18 CVE-2018-8768 Unspecified vulnerability in Jupyter Notebook
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context.
local
low complexity
jupyter
7.8

2018-03-18 CVE-2018-8765 Improper Input Validation vulnerability in 2345 Security Guard Project 2345 Security Guard 3.6
In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018.
local
low complexity
2345-security-guard-project CWE-20
7.8

2018-03-18 CVE-2018-8756 Code Injection vulnerability in Yzmcms 3.7.1
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.
network
low complexity
yzmcms CWE-94
7.2