Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-02-22 | CVE-2018-0148 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco UCS Director 6.5(0.0.65832) | A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. | 8.8 |
2018-02-22 | CVE-2018-0139 | Unspecified vulnerability in Cisco Unified Customer Voice Portal 11.5(1)/11.6 | A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. | 8.6 |
2018-02-21 | CVE-2018-7311 | Incorrect Permission Assignment for Critical Resource vulnerability in Privatevpn 2.0.31 | PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability. | 8.8 |
2018-02-21 | CVE-2018-7281 | Unspecified vulnerability in Cactusvpn 5.3.6 | CactusVPN 5.3.6 for macOS contains a root privilege escalation vulnerability through a setuid root binary called runme. | 8.8 |
2018-02-21 | CVE-2018-7308 | Cross-Site Request Forgery (CSRF) vulnerability in Hosting Project Hosting 20180211 | A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. | 8.8 |
2018-02-21 | CVE-2017-1758 | XXE vulnerability in IBM products | IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |
2018-02-21 | CVE-2018-7304 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Tiki 17.1 | Tiki 17.1 does not validate user input for special characters; consequently, a CSV Injection attack can open a CMD.EXE or Calculator window on the victim machine to perform malicious activity, as demonstrated by an "=cmd\|' /C calc'!A0" payload during User Creation. | 8.8 |
2018-02-21 | CVE-2017-12161 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Keycloak | It was found that Keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. | 8.8 |
2018-02-21 | CVE-2016-0348 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform | Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.0 |
2018-02-21 | CVE-2018-5716 | Path Traversal vulnerability in Reprisesoftware Reprise License Manager 11.0 | An issue was discovered in Reprise License Manager 11.0. | 8.1 |