Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-28 | CVE-2018-9106 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Acyba Acysms CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla! via a value that is mishandled in a CSV export. | 8.8 |
| 2018-03-27 | CVE-2018-9105 | Improper Authentication vulnerability in Nordvpn 3.3.10 NordVPN 3.3.10 for macOS suffers from a root privilege escalation vulnerability. | 8.8 |
| 2018-03-27 | CVE-2018-9092 | Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.10 There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password. | 8.8 |
| 2018-03-27 | CVE-2018-1327 | Unspecified vulnerability in Apache Struts The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. | 7.5 |
| 2018-03-27 | CVE-2018-1238 | OS Command Injection vulnerability in Dell EMC Scaleio Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). | 7.5 |
| 2018-03-27 | CVE-2018-1205 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Dell EMC Scaleio Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. | 7.5 |
| 2018-03-27 | CVE-2018-7700 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | 8.8 |
| 2018-03-27 | CVE-2018-7195 | Unspecified vulnerability in Osticket Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | 8.1 |
| 2018-03-27 | CVE-2018-6766 | Uncontrolled Search Path Element vulnerability in Swisscom Tvmediahelper 1.1.0.50 Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | 7.8 |
| 2018-03-27 | CVE-2018-6765 | Uncontrolled Search Path Element vulnerability in Swisscom Myswisscomassistant 2.17.1.1065 Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. | 7.8 |