Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-19 | CVE-2018-12561 | Improper Input Validation vulnerability in Cantata Project Cantata An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. | 8.8 |
| 2018-06-19 | CVE-2018-12559 | Path Traversal vulnerability in Cantata Project Cantata An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. | 8.8 |
| 2018-06-18 | CVE-2018-9028 | Inadequate Encryption Strength vulnerability in Broadcom Privileged Access Manager Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. | 7.5 |
| 2018-06-18 | CVE-2018-9026 | Session Fixation vulnerability in Broadcom Privileged Access Manager A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. | 7.5 |
| 2018-06-18 | CVE-2018-9025 | Improper Input Validation vulnerability in Broadcom Privileged Access Manager An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. | 7.5 |
| 2018-06-18 | CVE-2018-9023 | Improper Input Validation vulnerability in Broadcom Privileged Access Manager An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. | 8.8 |
| 2018-06-18 | CVE-2018-1333 | Resource Exhaustion vulnerability in multiple products By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. | 7.5 |
| 2018-06-18 | CVE-2018-1153 | Improper Certificate Validation vulnerability in Portswigger Burp Suite 1.7.32/1.7.33 Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. | 7.4 |
| 2018-06-18 | CVE-2018-1090 | Information Exposure vulnerability in multiple products In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. | 7.5 |
| 2018-06-18 | CVE-2018-1060 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. | 7.5 |