Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-13	CVE-2016-6547	Information Exposure vulnerability in Nutspace NUT Mobile The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. local low complexity nutspace CWE-200	7.8
2018-07-13	CVE-2016-6546	Information Exposure vulnerability in Kkmcn Itrackeasy The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. local low complexity kkmcn CWE-200	7.8
2018-07-13	CVE-2016-6544	Improper Authentication vulnerability in Ieasytec Itrack Easy getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. network low complexity ieasytec CWE-287	7.5
2018-07-13	CVE-2018-1000211	Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry. network low complexity doorkeeper-project CWE-732	7.5
2018-07-13	CVE-2018-1000210	Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. local low complexity yamldotnet-project CWE-639	7.8
2018-07-13	CVE-2018-1000209	Incorrect Permission Assignment for Critical Resource vulnerability in Sensu Core Sensu, Inc. network low complexity sensu CWE-732	8.8
2018-07-13	CVE-2018-1000208	Path Traversal vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. network low complexity modx CWE-22	7.5
2018-07-13	CVE-2018-1000207	Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution MODX Revolution version <=2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. network low complexity modx CWE-732	7.2
2018-07-13	CVE-2018-1000206	Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory JFrog Artifactory version since 5.11 contains a Cross ite Request Forgery (CSRF) vulnerability in UI rest endpoints that can result in Classic CSRF attack allowing an attacker to perform actions as logged in user. network low complexity jfrog CWE-352	8.8
2018-07-13	CVE-2018-7535	Incorrect Default Permissions vulnerability in Totalav 4.1.7/4.6.19 An issue was discovered in TotalAV v4.1.7. local low complexity totalav CWE-276	7.8

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High