Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-06-27 | CVE-2018-12909 | Path Traversal vulnerability in Webgrind Project Webgrind 1.5.0 | Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. | 7.5 |
2018-06-27 | CVE-2018-8025 | Race Condition vulnerability in Apache HBase | CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. | 8.1 |
2018-06-27 | CVE-2018-12907 | Information Exposure vulnerability in Rclone 1.42 | In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue. | 7.5 |
2018-06-26 | CVE-2018-12900 | Out-of-bounds Write vulnerability in multiple products | Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file. | 8.8 |
2018-06-26 | CVE-2018-3841 | NULL Pointer Dereference vulnerability in Pixar Renderman 21.6 | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). | 7.5 |
2018-06-26 | CVE-2018-3840 | NULL Pointer Dereference vulnerability in Pixar Renderman 21.6 | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). | 7.5 |
2018-06-26 | CVE-2018-1614 | Information Exposure vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. | 7.5 |
2018-06-26 | CVE-2018-12895 | Path Traversal vulnerability in multiple products | WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. | 8.8 |
2018-06-26 | CVE-2018-3760 | Information Exposure vulnerability in multiple products | There is an information leak vulnerability in Sprockets. | 7.5 |
2018-06-26 | CVE-2018-12712 | Improper Input Validation vulnerability in Joomla Joomla! | An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. | 8.8 |