Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor / CWE | Risk (score) |
|---|---|---|---|---|---|---|---|
| 2018-02-02 | CVE-2018-6519 | Injection vulnerability in multiple products | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. | network | low | simplesamlphp, debian; CWE-74 | 7.5 |
| 2018-02-01 | CVE-2017-2297 | Improper Authentication vulnerability in Puppet Enterprise | Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens. | network | high | puppet; CWE-287 | 7.5 |
| 2018-02-01 | CVE-2017-3160 | Unspecified vulnerability in Apache Cordova | After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. | network | high | apache | 7.4 |
| 2018-02-01 | CVE-2018-1192 | Information Exposure vulnerability in Pivotal Software products | In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. | network | low | pivotal-software; CWE-200 | 8.8 |
| 2018-02-01 | CVE-2015-2204 | Information Exposure vulnerability in Evergreen-Ils Evergreen | Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided. | network | low | evergreen-ils; CWE-200 | 7.5 |
| 2018-02-01 | CVE-2014-9504 | Improper Access Control vulnerability in Open Atrium Project Open Atrium | The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. | network | low | open-atrium-project; CWE-284 | 7.5 |
| 2018-02-01 | CVE-2014-9502 | Cross-Site Request Forgery (CSRF) vulnerability in Open Atrium Project Open Atrium | Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | network | low | open-atrium-project; CWE-352 | 8.8 |
| 2018-02-01 | CVE-2018-6186 | Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0 | Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. | network | low | citrix; CWE-918 | 8.8 |
| 2018-02-01 | CVE-2018-0509 | Cross-Site Request Forgery (CSRF) vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21 | Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | network | low | kkcald-project; CWE-352 | 8.8 |
| 2018-02-01 | CVE-2017-1000409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc 2.5 | A buffer overflow exists in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. | local | high | gnu; CWE-119 | 7.0 |