Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-05 | CVE-2018-1000115 | Resource Exhaustion vulnerability in multiple products: Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). | 7.5 |
2018-03-05 | CVE-2018-7668 | Information Exposure vulnerability in Testlink: TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | 7.5 |
2018-03-04 | CVE-2017-18214 | Resource Exhaustion vulnerability in multiple products: The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 7.5 |
2018-03-04 | CVE-2018-7567 | Unrestricted Upload of File with Dangerous Type vulnerability in Otrs: In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. | 7.2 |
2018-03-04 | CVE-2018-7560 | Improper Input Validation vulnerability in Aws-Lambda-Multipart-Parser Project Aws-Lambda-Multipart-Parser: index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | 7.5 |
2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS: In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 7.2 |
2018-03-04 | CVE-2018-7583 | Improper Input Validation vulnerability in Advantig Dualdesk 20: Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | 7.5 |
2018-03-04 | CVE-2018-7449 | Improper Input Validation vulnerability in Segger Embos/Ip FTP Server 3.22: SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | 7.5 |
2018-03-02 | CVE-2015-7967 | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service for Citrix web Interface Agent: SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | 7.8 |
2018-03-02 | CVE-2015-7966 | Permissions, Privileges, and Access Controls vulnerability in Gemalto Safenet Authentication Service Windows Logon Agent: SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. | 7.8 |