Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-05 | CVE-2018-7644 | Improper Verification of Cryptographic Signature vulnerability in Simplesamlphp The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue. | 7.5 |
| 2018-03-05 | CVE-2018-1316 | Path Traversal vulnerability in Apache ODE The ODE process deployment web service was sensible to deployment messages with forged names. | 7.5 |
| 2018-03-05 | CVE-2018-1000115 | Resource Exhaustion vulnerability in multiple products Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). | 7.5 |
| 2018-03-05 | CVE-2018-7668 | Information Exposure vulnerability in Testlink TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. | 7.5 |
| 2018-03-04 | CVE-2017-18214 | Resource Exhaustion vulnerability in multiple products The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | 7.5 |
| 2018-03-04 | CVE-2018-7567 | Unrestricted Upload of File with Dangerous Type vulnerability in Otrs In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. | 7.2 |
| 2018-03-04 | CVE-2018-7560 | Improper Input Validation vulnerability in Aws-Lambda-Multipart-Parser Project Aws-Lambda-Multipart-Parser index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package before 0.1.2 has a Regular Expression Denial of Service (ReDoS) issue via a crafted multipart/form-data boundary string. | 7.5 |
| 2018-03-04 | CVE-2017-18213 | Unspecified vulnerability in Exponentcms Exponent CMS In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges. | 7.2 |
| 2018-03-04 | CVE-2018-7583 | Improper Input Validation vulnerability in Advantig Dualdesk 20 Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) via a long string to TCP port 5500. | 7.5 |
| 2018-03-04 | CVE-2018-7449 | Improper Input Validation vulnerability in Segger Embos/Ip FTP Server 3.22 SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | 7.5 |