CVE-2018-1002150 CVSS:0.0
Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13.1, 1.14.1 and 1.15.1. (Last Update:2018-04-04) (Publish Update:2018-04-04)
CVE-2018-1000170 CVSS:0.0
A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's browser when that other user performs some UI actions. (Last Update:2018-04-16) (Publish Update:2018-04-16)
CVE-2018-1000169 CVSS:0.0
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to Jenkins. (Last Update:2018-04-16) (Publish Update:2018-04-16)
CVE-2018-1000167 CVSS:0.0
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 and sources.py:131. The "list-sources"-command is affected by this bug. that can result in Remote Code Execution(even as root if suricata-update is called by root). This attack appears to be exploitable via a specially crafted yaml-file at https://www.openinfosecfoundation.org/rules/index.yaml. This vulnerability appears to have been fixed in 1.0.0b1. (Last Update:2018-04-18) (Publish Update:2018-04-18)
CVE-2018-1000165 CVSS:0.0
LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from Identity Provider. This vulnerability appears to have been fixed in 1.3.5 and later. (Last Update:2018-04-18) (Publish Update:2018-04-18)
CVE-2018-1000164 CVSS:0.0
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0. (Last Update:2018-04-18) (Publish Update:2018-04-18)
CVE-2018-1000163 CVSS:0.0
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console. (Last Update:2018-04-18) (Publish Update:2018-04-18)
CVE-2018-1000162 CVSS:0.0
Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST boundaries. This vulnerability appears to have been fixed in 1.7.0 and later. (Last Update:2018-04-18) (Publish Update:2018-04-18)
CVE-2018-1000161 CVSS:0.0
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7. (Last Update:2018-04-18) (Publish Update:2018-04-18)
CVE-2018-1000160 CVSS:0.0
RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings(26) detailed in the GitHub issue #16. (Last Update:2018-04-18) (Publish Update:2018-04-18)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by www.cvedetails.com