Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-26 | CVE-2018-1000540 | XXE vulnerability in Loboevolution Project Loboevolution LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains an XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. | 7.8 |
2018-06-26 | CVE-2018-1000538 | Allocation of File Descriptors or Handles Without Limits or Throttling vulnerability in Minio Minio Inc. | 7.5 |
2018-06-26 | CVE-2018-1000535 | Information Exposure vulnerability in LMS lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can make it possible to read files on the server. | 7.5 |
2018-06-26 | CVE-2018-1000531 | Improper Input Validation vulnerability in Inversoft Prime-Jwt inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. | 7.5 |
2018-06-26 | CVE-2018-1000527 | Deserialization of Untrusted Data vulnerability in Froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in possible information disclosure and remote code execution. | 7.2 |
2018-06-26 | CVE-2018-1000526 | XML Injection (aka Blind XPath Injection) vulnerability in Openpsa2 Openpsa Openpsa contains an XML Injection vulnerability in RSS file upload feature that can result in remote denial of service. | 7.5 |
2018-06-26 | CVE-2018-1000523 | Improper Input Validation vulnerability in Topydo topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in injection of arbitrary bytes to the terminal, including terminal escape code sequences. | 8.1 |
2018-06-26 | CVE-2018-1000520 | Improper Certificate Validation vulnerability in ARM Mbed TLS ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates being accepted when only RSA-signed ones should be. | 7.5 |
2018-06-26 | CVE-2018-1000518 | Resource Exhaustion vulnerability in Websockets Project Websockets 4.0 aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. | 7.5 |
2018-06-26 | CVE-2018-1000515 | XXE vulnerability in News-Articles Project News-Articles 00.09.11 ventrian News-Articles version NewsArticles.00.09.11 contains an XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can allow an attacker to read any file on the server or use an smbrelay attack to access the server. | 7.5 |