Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2018-1000211 Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.
network
low complexity
doorkeeper-project CWE-732
7.5
2018-07-13 CVE-2018-1000210 Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them.
local
low complexity
yamldotnet-project CWE-639
7.8
2018-07-13 CVE-2018-1000209 Incorrect Permission Assignment for Critical Resource vulnerability in Sensu Core
Sensu, Inc.
network
low complexity
sensu CWE-732
8.8
2018-07-13 CVE-2018-1000208 Path Traversal vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files.
network
low complexity
modx CWE-22
7.5
2018-07-13 CVE-2018-1000207 Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content.
network
low complexity
modx CWE-732
7.2
2018-07-13 CVE-2018-1000206 Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory
JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user.
network
low complexity
jfrog CWE-352
8.8
2018-07-13 CVE-2018-7535 Incorrect Default Permissions vulnerability in Totalav 4.1.7/4.6.19
An issue was discovered in TotalAV v4.1.7.
local
low complexity
totalav CWE-276
7.8
2018-07-13 CVE-2018-1245 Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0
RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM).
network
low complexity
emc CWE-863
8.8
2018-07-13 CVE-2018-10018 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gdata-Software Total Security 25.4.0.3
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
network
low complexity
gdata-software CWE-119
8.8
2018-07-13 CVE-2018-9067 Unspecified vulnerability in Lenovo Help
The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.
network
low complexity
lenovo
7.5