Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-18 | CVE-2018-1000167 | Deserialization of Untrusted Data vulnerability in Oisf Suricata-Update 1.0.0A1. OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. | 7.8 |
2018-04-18 | CVE-2018-1000165 | Incorrect Permission Assignment for Critical Resource vulnerability in Lightsaml. LightSAML version prior to 1.3.5 contains an Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. | 7.5 |
2018-04-18 | CVE-2018-1000164 | CRLF Injection vulnerability in multiple products. gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. | 7.5 |
2018-04-18 | CVE-2018-1000158 | Incorrect Permission Assignment for Critical Resource vulnerability in Cmsmadesimple CMS Made Simple 2.2.7. cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . | 8.8 |
2018-04-18 | CVE-2018-1274 | Allocation of Resources Without Limits or Throttling vulnerability in Pivotal Software Spring Data Commons and Spring Data Rest. Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. | 7.5 |
2018-04-18 | CVE-2018-1240 | Information Exposure vulnerability in EMC Vipr Controller 3.0.0.39. Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. | 8.0 |
2018-04-18 | CVE-2018-1088 | A privilege escalation flaw was found in gluster 3.x snapshot scheduler. | 8.1 |
2018-04-18 | CVE-2016-8220 | Information Exposure vulnerability in Pivotal Software Gemfire. Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x prior to 1.7.1.0, contain an information disclosure vulnerability. | 7.5 |
2018-04-18 | CVE-2018-6413 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hikvision Ds-2Cd9111-S Firmware 4.1.2. There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request. | 7.5 |
2018-04-18 | CVE-2016-10499 | Resource Management Errors vulnerability in Qualcomm products. In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, memory leak may occur in the IPSecurity module when repeating IKE-Rekey. | 7.5 |