Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-29 | CVE-2016-10556 | SQL Injection vulnerability in Sequelizejs Sequelize: sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. | 7.5 |
2018-05-29 | CVE-2015-9242 | Improper Input Validation vulnerability in Ecstatic Project Ecstatic: Certain input strings, when passed to `new Date()` or `Date.parse()` in the ecstatic node module before 1.4.0, will cause v8 to raise an exception. | 7.5 |
2018-05-29 | CVE-2015-9241 | Improper Input Validation vulnerability in Hapijs Hapi: Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. | 7.5 |
2018-05-29 | CVE-2015-9240 | Credentials Management vulnerability in Keystonejs Keystone: Due to a bug in the default sign-in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. | 7.5 |
2018-05-29 | CVE-2014-10068 | Path Traversal vulnerability in Hapi Inert 1.0.0/1.1.0: The inert directory handler in the inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false. | 7.5 |
2018-05-29 | CVE-2018-1241 | Information Exposure Through Log Files vulnerability in EMC Recoverpoint and Recoverpoint for Virtual Machines: Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak the LDAP password in plain text into the RecoverPoint log file. | 8.8 |
2018-05-29 | CVE-2018-1375 | Session Fixation vulnerability in IBM Security Guardium BIG Data Intelligence 3.1: IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability. | 7.5 |
2018-05-29 | CVE-2016-7076 | Command Injection vulnerability in Sudo Project Sudo: sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the `wordexp()` C library function with a user-supplied argument. | 7.8 |
2018-05-29 | CVE-2018-11527 | Cross-Site Request Forgery (CSRF) vulnerability in Cscms Project Cscms 4.1: An issue was discovered in CScms v4.1. | 8.8 |
2018-05-29 | CVE-2018-11488 | Allocation of Resources Without Limits or Throttling vulnerability in Dtsearch 7.66.7936/7.90.8538.1: A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | 7.5 |