Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-03-27 | CVE-2018-1327 | Unspecified vulnerability in Apache Struts | The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload. | network | low | apache | | 7.5 |
| 2018-03-27 | CVE-2018-1238 | OS Command Injection vulnerability in Dell EMC ScaleIO | Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). | network | high | dell | CWE-78 | 7.5 |
| 2018-03-27 | CVE-2018-1205 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell EMC ScaleIO | Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. | network | low | dell | CWE-119 | 7.5 |
| 2018-03-27 | CVE-2018-7700 | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS 5.7 | DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | network | low | dedecms | CWE-352 | 8.8 |
| 2018-03-27 | CVE-2018-7195 | Unspecified vulnerability in osTicket | Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | network | high | osticket | | 8.1 |
| 2018-03-27 | CVE-2018-6766 | Uncontrolled Search Path Element vulnerability in Swisscom TVMediaHelper 1.1.0.50 | Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | local | low | swisscom | CWE-427 | 7.8 |
| 2018-03-27 | CVE-2018-6765 | Uncontrolled Search Path Element vulnerability in Swisscom MySwisscomAssistant 2.17.1.1065 | Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | local | low | swisscom | CWE-427 | 7.8 |
| 2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | network | low | debian, ldap-account-manager | CWE-352 | 8.8 |
| 2018-03-27 | CVE-2018-8718 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer | Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | network | low | jenkins | CWE-352 | 8.0 |
| 2018-03-27 | CVE-2018-1267 | Incorrect Permission Assignment for Critical Resource vulnerability in Cloudfoundry Silk-Release 0.1.0 | Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. | network | high | cloudfoundry | CWE-732 | 8.1 |