Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-03 CVE-2018-3752 Improper Input Validation vulnerability in Merge-Options Project Merge-Options 0.0.42/0.0.64/1.0.0
The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.
network
low complexity
merge-options-project CWE-20
7.5
2018-07-03 CVE-2018-3751 Improper Input Validation vulnerability in Umbraengineering Merge-Recursive
The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.
network
low complexity
umbraengineering CWE-20
7.5
2018-07-03 CVE-2018-3750 Improper Input Validation vulnerability in Deep Extend Project Deep Extend
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.
network
low complexity
deep-extend-project CWE-20
7.5
2018-07-03 CVE-2018-3749 Improper Input Validation vulnerability in Deap Project Deap
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function.
network
low complexity
deap-project CWE-20
7.5
2018-07-03 CVE-2018-13116 SQL Injection vulnerability in Zzcms 8.3
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
network
low complexity
zzcms CWE-89
7.5
2018-07-03 CVE-2018-13113 Integer Overflow or Wraparound vulnerability in Easy Trading Token Project Easy Trading Token
The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow.
network
low complexity
easy-trading-token-project CWE-190
7.5
2018-07-03 CVE-2018-11642 Incorrect Permission Assignment for Critical Resource vulnerability in Dialogic Powermedia XMS
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
local
low complexity
dialogic CWE-732
7.2
2018-07-03 CVE-2018-11641 Use of Hard-coded Credentials vulnerability in Dialogic Powermedia XMS
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a web service.
network
low complexity
dialogic CWE-798
7.5
2018-07-03 CVE-2018-11635 Use of Hard-coded Credentials vulnerability in Dialogic Powermedia XMS 3.5
Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.
network
low complexity
dialogic CWE-798
7.5
2018-07-03 CVE-2018-11052 Improper Authentication vulnerability in Dellemc Elastic Cloud Storage 3.2.0.0/3.2.0.1
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability.
network
low complexity
dellemc CWE-287
7.5