Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2017-6926 | Information Exposure vulnerability in Drupal In Drupal versions 8.4.x versions before 8.4.5 users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. | 8.1 |
| 2018-03-01 | CVE-2018-7590 | Cross-Site Request Forgery (CSRF) vulnerability in Hoosk 1.7.0 CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | 8.8 |
| 2018-03-01 | CVE-2018-7589 | Double Free vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 7.8 |
| 2018-03-01 | CVE-2018-7588 | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 7.8 |
| 2018-03-01 | CVE-2018-7587 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 7.8 |
| 2018-03-01 | CVE-2018-7586 | Path Traversal vulnerability in Imagely Nextgen Gallery In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 7.5 |
| 2018-03-01 | CVE-2017-15134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. | 7.5 |
| 2018-03-01 | CVE-2018-7048 | Resource Exhaustion vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. | 7.5 |
| 2018-03-01 | CVE-2017-18209 | NULL Pointer Dereference vulnerability in multiple products In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. | 8.8 |
| 2018-03-01 | CVE-2017-9286 | Unspecified vulnerability in Opensuse Leap 42.3 The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | 8.8 |