Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-30 | CVE-2015-7610 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | 8.8 |
| 2018-05-30 | CVE-2018-11518 | Improper Input Validation vulnerability in Hcltech Legacy IVR Firmware A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. | 8.1 |
| 2018-05-30 | CVE-2018-11438 | Out-of-bounds Write vulnerability in Libmobi Project Libmobi 0.3 The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. | 8.8 |
| 2018-05-30 | CVE-2018-11556 | Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9 tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. | 7.8 |
| 2018-05-30 | CVE-2018-11555 | Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9 tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. | 7.8 |
| 2018-05-30 | CVE-2018-11235 | Path Traversal vulnerability in multiple products In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. | 7.8 |
| 2018-05-30 | CVE-2018-11233 | Out-of-bounds Read vulnerability in multiple products In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | 7.5 |
| 2018-05-29 | CVE-2018-11548 | Improper Input Validation vulnerability in Block EOS Dawn4.2.0 An issue was discovered in EOS.IO DAWN 4.2. | 7.5 |
| 2018-05-29 | CVE-2018-6964 | Unspecified vulnerability in VMWare Horizon Client VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of SUID binary. | 7.8 |
| 2018-05-29 | CVE-2018-3734 | Path Traversal vulnerability in Stattic Project Stattic 0.2.3 stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | 7.5 |