Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-29 | CVE-2014-10068 | Path Traversal vulnerability in Hapi Inert 1.0.0/1.1.0: The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | 7.5 |
2018-05-29 | CVE-2018-1241 | Information Exposure Through Log Files vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines: Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak the LDAP password in plain text into the RecoverPoint log file. | 8.8 |
2018-05-29 | CVE-2018-1375 | Session Fixation vulnerability in IBM Security Guardium Big Data Intelligence 3.1: IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability. | 7.5 |
2018-05-29 | CVE-2016-7076 | Command Injection vulnerability in Sudo Project Sudo: sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. | 7.8 |
2018-05-29 | CVE-2018-11527 | Cross-Site Request Forgery (CSRF) vulnerability in Cscms Project Cscms 4.1: An issue was discovered in CScms v4.1. | 8.8 |
2018-05-29 | CVE-2018-11488 | Allocation of Resources Without Limits or Throttling vulnerability in Dtsearch 7.66.7936/7.90.8538.1: A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | 7.5 |
2018-05-28 | CVE-2018-11516 | Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1: The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 8.8 |
2018-05-28 | CVE-2018-11514 | Unrestricted Upload of File with Dangerous Type vulnerability in Naukri Clone Script Project Naukri Clone Script 3.0.3: PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | 8.8 |
2018-05-28 | CVE-2018-11506 | Out-of-bounds Write vulnerability in multiple products: The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | 7.8 |
2018-05-26 | CVE-2018-11505 | Information Exposure vulnerability in Werewolf Online Project Werewolf Online 0.8.8: The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | 7.5 |