Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-21 | CVE-2016-0348 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tririga Application Platform. Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.0 |
| 2018-02-21 | CVE-2018-5716 | Path Traversal vulnerability in Reprisesoftware Reprise License Manager 11.0. An issue was discovered in Reprise License Manager 11.0. | 8.1 |
| 2018-02-21 | CVE-2013-0267 | Improper Input Validation vulnerability in Apache VCL. The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | 8.8 |
| 2018-02-21 | CVE-2018-1168 | Incorrect Permission Assignment for Critical Resource vulnerability in Hitachienergy Sys600 Firmware. This vulnerability allows local attackers to escalate privileges on vulnerable installations of ABB MicroSCADA 9.3 with FP 1-2-3. | 7.8 |
| 2018-02-21 | CVE-2018-1166 | Improper Input Validation vulnerability in Joyent Smartos 20170803. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | 7.8 |
| 2018-02-21 | CVE-2018-1165 | Out-of-bounds Write vulnerability in multiple products. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | 7.0 |
| 2018-02-21 | CVE-2018-7276 | Information Exposure vulnerability in Lutron Quantum Bacnet Integration Firmware 3.2.243. An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. | 7.5 |
| 2018-02-21 | CVE-2018-7271 | Code Injection vulnerability in Metinfo 6.0.0. An issue was discovered in MetInfo 6.0.0. | 8.1 |
| 2018-02-20 | CVE-2017-14993 | Forced Browsing vulnerability in Oxid-Esales Eshop. OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka "forced browsing") in order to overflow the database of the shop and consequently make it stop working. | 7.5 |
| 2018-02-20 | CVE-2017-12415 | Cross-Site Request Forgery (CSRF) vulnerability in Oxid-Esales Eshop. OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick the user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order. | 7.5 |