Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-30 CVE-2018-11555 Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.
local
low complexity
littlecms CWE-787
7.8
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
7.8
2018-05-30 CVE-2018-11233 Out-of-bounds Read vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
network
low complexity
canonical git-scm CWE-125
7.5
2018-05-29 CVE-2018-11548 Improper Input Validation vulnerability in Block EOS Dawn4.2.0
An issue was discovered in EOS.IO DAWN 4.2.
network
low complexity
block CWE-20
7.5
2018-05-29 CVE-2018-6964 Unspecified vulnerability in VMware Horizon Client
VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to insecure usage of a SUID binary.
local
low complexity
vmware
7.8
2018-05-29 CVE-2018-3734 Path Traversal vulnerability in Stattic Project Stattic 0.2.3
The stattic node module suffers from a Path Traversal vulnerability due to a lack of path validation, which allows a malicious user to read the content of any file with a known path.
network
low complexity
stattic-project CWE-22
7.5
2018-05-29 CVE-2018-3733 Path Traversal vulnerability in Crud-File-Server Project Crud-File-Server
The crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of the URL, which allows a malicious user to read the content of any file with a known path.
network
low complexity
crud-file-server-project CWE-22
7.5
2018-05-29 CVE-2018-11392 Unrestricted Upload of File with Dangerous Type vulnerability in Jigowatt PHP Login & User Management 3.2.1/4.0/4.1.0
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field.
network
low complexity
jigowatt CWE-434
8.8
2018-05-29 CVE-2017-16153 Path Traversal vulnerability in Gaoxuyan Project Gaoxuyan
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.
network
low complexity
gaoxuyan-project CWE-22
7.5
2018-05-29 CVE-2017-16062 Information Exposure vulnerability in Node-Tkinter Project Node-Tkinter
node-tkinter was a malicious module published with the intent to hijack environment variables.
network
low complexity
node-tkinter-project CWE-200
7.5