Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | network | low | debian ldap-account-manager | CWE-352 | 8.8 |
| 2018-03-27 | CVE-2018-8718 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Mailer | Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin 1.20 for Jenkins 2.111 allows remote authenticated users to send unauthorized mail as an arbitrary user via a /descriptorByName/hudson.tasks.Mailer/sendTestMail request. | network | low | jenkins | CWE-352 | 8.0 |
| 2018-03-27 | CVE-2018-1267 | Incorrect Permission Assignment for Critical Resource vulnerability in Cloudfoundry Silk-Release 0.1.0 | Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an improper access control vulnerability. | network | high | cloudfoundry | CWE-732 | 8.1 |
| 2018-03-27 | CVE-2018-1266 | Use of Insufficiently Random Values vulnerability in Cloudfoundry Capi-Release | Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. | network | low | cloudfoundry | CWE-330 | 8.1 |
| 2018-03-27 | CVE-2018-1231 | Incorrect Permission Assignment for Critical Resource vulnerability in Pivotal Software Bosh CLI | Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper access control vulnerability. | network | low | pivotal-software | CWE-732 | 8.8 |
| 2018-03-27 | CVE-2014-0486 | Improper Input Validation vulnerability in NIC Knot CMS | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | network | low | nic | CWE-20 | 7.5 |
| 2018-03-27 | CVE-2017-12310 | Cleartext Transmission of Sensitive Information vulnerability in Cisco Spark Hybrid Calendar Service | A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. | network | low | cisco | CWE-319 | 7.5 |
| 2018-03-27 | CVE-2018-9054 | Improper Input Validation vulnerability in Windows Optimization Master Project Windows Optimization Master 7.99.13.604 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100284c. | | | | | 7.8 |
| 2018-03-27 | CVE-2018-9053 | Improper Input Validation vulnerability in Windows Optimization Master Project Windows Optimization Master 7.99.13.604 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc. | | | | | 7.8 |
| 2018-03-27 | CVE-2018-9052 | Improper Input Validation vulnerability in Windows Optimization Master Project Windows Optimization Master 7.99.13.604 | In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c. | | | | | 7.8 |