Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-18 | CVE-2018-7216 | Cross-Site Request Forgery (CSRF) vulnerability in Tejari Bravo Solution: Cross-site request forgery (CSRF) vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens. | 8.0 |
2018-02-18 | CVE-2018-7211 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Idashboards: An issue was discovered in iDashboards 9.6b. | 8.1 |
2018-02-18 | CVE-2018-7210 | Information Exposure vulnerability in Idashboards: An issue was discovered in iDashboards 9.6b. | 7.5 |
2018-02-18 | CVE-2018-7209 | Information Exposure vulnerability in Idashboards: An issue was discovered in iDashboards 9.6b. | 7.5 |
2018-02-18 | CVE-2018-7208 | Improper Input Validation vulnerability in multiple products: In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. | 7.8 |
2018-02-18 | CVE-2018-7206 | Unspecified vulnerability in Jupyter Oauthenticator: An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. | 8.8 |
2018-02-16 | CVE-2018-6218 | Untrusted Search Path vulnerability in Trendmicro products: A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. | 7.0 |
2018-02-16 | CVE-2018-3609 | Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1: A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. | 8.1 |
2018-02-16 | CVE-2018-7187 | OS Command Injection vulnerability in multiple products: The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | 8.8 |
2018-02-16 | CVE-2018-0516 | Untrusted Search Path vulnerability in Flets Address Selection Tool 4.0/6.0: Untrusted search path vulnerability in FLET'S v4 / v6 address selection tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |