Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-12 | CVE-2018-3862 | Out-of-bounds Write vulnerability in Computer-Insel Photoline 20.53: A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting | 7.8 |
2018-04-12 | CVE-2018-3861 | Out-of-bounds Write vulnerability in Computer-Insel Photoline 20.53: A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. | 7.8 |
2018-04-12 | CVE-2018-10063 | Unspecified vulnerability in Convert Forms Project Convert Forms 2.0.3: The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file. | 7.8 |
2018-04-12 | CVE-2018-1084 | corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. | 7.5 |
2018-04-12 | CVE-2018-1086 | Information Exposure vulnerability in multiple products: pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. | 7.5 |
2018-04-12 | CVE-2018-9118 | Path Traversal vulnerability in 99Robots WP Background Takeover Advertisements: exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. | 7.5 |
2018-04-12 | CVE-2017-6910 | Information Exposure vulnerability in multiple products: The HTTP and WebSocket engine components in the server in Kaazing Gateway before 4.5.3 hotfix-1, Gateway - JMS Edition before 4.0.5 hotfix-15, 4.0.6 before hotfix-4, 4.0.7, 4.0.9 before hotfix-19, 4.4.x before 4.4.2 hotfix-1, 4.5.x before 4.5.3 hotfix-1, and Gateway Community and Enterprise Editions before 5.6.0 allow remote attackers to bypass intended access restrictions and obtain sensitive information via vectors related to HTTP request handling. | 7.5 |
2018-04-12 | CVE-2014-6633 | Command Injection vulnerability in Tryton: The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula field in the price_list module. | 8.8 |
2018-04-12 | CVE-2014-6309 | Information Exposure vulnerability in Tenefit Kaazing Websocket Gateway 4.0.2/4.0.3/4.0.4: The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive information via vectors related to HTTP request handling. | 7.5 |
2018-04-12 | CVE-2018-9860 | Off-by-one Error vulnerability in Botan Project Botan: An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. | 7.5 |