Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-30 | CVE-2018-11555 | Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9 tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. | 7.8 |
| 2018-05-29 | CVE-2018-11547 | Out-of-bounds Read vulnerability in Md4C Project Md4C 0.2.5 md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | 7.5 |
| 2018-05-29 | CVE-2018-11546 | Out-of-bounds Read vulnerability in Md4C Project Md4C 0.2.5 md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | 7.5 |
| 2018-05-29 | CVE-2018-11545 | Out-of-bounds Write vulnerability in Md4C Project Md4C 0.2.5 md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | 7.5 |
| 2018-05-29 | CVE-2018-6964 | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. | 7.2 |
| 2018-05-29 | CVE-2018-3734 | Path Traversal vulnerability in Stattic Project Stattic 0.2.3 stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | 7.5 |
| 2018-05-29 | CVE-2018-3733 | Path Traversal vulnerability in Crud-File-Server Project Crud-File-Server crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | 7.5 |
| 2018-05-29 | CVE-2018-10466 | SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus Zoho ManageEngine ADAudit Plus before 5.0.0 build 5100 allows blind SQL Injection. | 7.5 |
| 2018-05-29 | CVE-2016-10551 | SQL Injection vulnerability in Balderdash Waterline-Sequel 0.5.0 waterline-sequel is a module that helps generate SQL statements for Waterline apps Any user input that goes into Waterline's `like`, `contains`, `startsWith`, or `endsWith` will end up in waterline-sequel with the potential for malicious code. | 7.5 |
| 2018-05-29 | CVE-2016-10525 | Improper Authentication vulnerability in Dwyl Hapi-Auth-Jwt2 When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. | 7.5 |