Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-13 CVE-2018-1000092 Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple 2.2.5
CMS Made Simple version 2.2.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in Admin profile page that can result in Details can be found here http://dev.cmsmadesimple.org/bug/view/11715.
network
low complexity
cmsmadesimple CWE-352
8.8
2018-03-13 CVE-2018-1000091 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kadnode Project Kadnode 2.2.0
KadNode version 2.2.0 contains a Buffer Overflow vulnerability in the arguments passed when starting up the binary that can result in control of program execution flow, leading to remote code execution.
network
low complexity
kadnode-project CWE-119
8.8
2018-03-13 CVE-2018-1000090 XXE vulnerability in Textpattern 4.6.2
Textpattern version 4.6.2 contains an XML Injection vulnerability in the Import XML feature that can result in denial of service in the context of the web server by exhausting server memory resources.
network
low complexity
textpattern CWE-611
7.5
2018-03-13 CVE-2018-1000089 Information Exposure Through Log Files vulnerability in Django-Anymail Project Django-Anymail
Anymail django-anymail versions 0.2 through 1.3 contain a CWE-532, CWE-209 vulnerability in the WEBHOOK_AUTHORIZATION setting value: an attacker with access to error logs could fabricate email tracking events.
network
high complexity
django-anymail-project CWE-532
7.4
2018-03-13 CVE-2018-1000086 Cross-Site Request Forgery (CSRF) vulnerability in NPR Pym.Js
NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contain a Cross-Site Request Forgery (CSRF) vulnerability in the Pym.js _onNavigateToMessage function.
network
low complexity
npr CWE-352
8.8
2018-03-13 CVE-2018-1000082 Cross-Site Request Forgery (CSRF) vulnerability in Ajenti 2
Ajenti version 2 contains a Cross-Site Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server.
network
low complexity
ajenti CWE-352
8.8
2018-03-13 CVE-2018-1000081 Improper Input Validation vulnerability in Ajenti 2
Ajenti version 2 contains an Input Validation vulnerability in the ID string on the Get-values POST request that can result in the server crashing.
network
low complexity
ajenti CWE-20
7.5
2018-03-13 CVE-2018-1000075 Infinite Loop vulnerability in multiple products
RubyGems versions Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain an infinite loop vulnerability in the ruby gem package tar header: a negative size could cause an infinite loop.
network
low complexity
rubygems debian CWE-835
7.5
2018-03-13 CVE-2018-1000074 Deserialization of Untrusted Data vulnerability in Rubygems
RubyGems versions Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain a Deserialization of Untrusted Data vulnerability in the owner command that can result in code execution.
local
low complexity
rubygems CWE-502
7.8
2018-03-13 CVE-2018-1000073 Link Following vulnerability in Rubygems
RubyGems versions Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contain a Directory Traversal vulnerability in the install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root.
network
low complexity
rubygems CWE-59
7.5