Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-13 | CVE-2018-1000211 | Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. | 7.5 |
| 2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. | 7.8 |
| 2018-07-13 | CVE-2018-1000209 | Incorrect Permission Assignment for Critical Resource vulnerability in Sensu Core Sensu, Inc. | 8.8 |
| 2018-07-13 | CVE-2018-1000208 | Path Traversal vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. | 7.5 |
| 2018-07-13 | CVE-2018-1000207 | Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. | 7.2 |
| 2018-07-13 | CVE-2018-1000206 | Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. | 8.8 |
| 2018-07-13 | CVE-2018-7535 | Incorrect Default Permissions vulnerability in Totalav 4.1.7/4.6.19 An issue was discovered in TotalAV v4.1.7. | 7.8 |
| 2018-07-13 | CVE-2018-1245 | Incorrect Authorization vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0 RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). | 8.8 |
| 2018-07-13 | CVE-2018-10018 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gdata-Software Total Security 25.4.0.3 The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument. | 8.8 |
| 2018-07-13 | CVE-2018-9067 | Unspecified vulnerability in Lenovo Help The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | 7.5 |