Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-13 | CVE-2016-6547 | Information Exposure vulnerability in Nutspace NUT Mobile The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. | 7.8 |
2018-07-13 | CVE-2016-6546 | Information Exposure vulnerability in Kkmcn Itrackeasy The iTrack Easy mobile application stores the account password used to authenticate to the cloud API base64-encoded in the cache.db file. | 7.8 |
2018-07-13 | CVE-2016-6544 | Improper Authentication vulnerability in Ieasytec Itrack Easy getgps data in iTrack Easy can be modified without authentication by setting the data using the parameter cmd:setothergps. | 7.5 |
2018-07-13 | CVE-2018-1000211 | Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry. | 7.5 |
2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() deserializes user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. | 7.8 |
2018-07-13 | CVE-2018-1000209 | Incorrect Permission Assignment for Critical Resource vulnerability in Sensu Core Sensu, Inc. | 8.8 |
2018-07-13 | CVE-2018-1000208 | Path Traversal vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in files being removed. | 7.5 |
2018-07-13 | CVE-2018-1000207 | Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before they are passed into the phpthumb class that can result in creating a file with a custom filename and content. | 7.2 |
2018-07-13 | CVE-2018-1000206 | Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack allowing an attacker to perform actions as a logged-in user. | 8.8 |
2018-07-13 | CVE-2018-7535 | Incorrect Default Permissions vulnerability in Totalav 4.1.7/4.6.19 An issue was discovered in TotalAV v4.1.7. | 7.8 |