Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2018-08-15 | CVE-2018-15149 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. | network, low complexity, open-emr, CWE-89, 8.8 |
| 2018-08-15 | CVE-2018-15148 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. | network, low complexity, open-emr, CWE-89, 8.8 |
| 2018-08-15 | CVE-2018-15147 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter. | network, low complexity, open-emr, CWE-89, 8.8 |
| 2018-08-15 | CVE-2018-15146 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | network, low complexity, open-emr, CWE-89, 8.8 |
| 2018-08-15 | CVE-2018-15138 | Path Traversal vulnerability in Ericssonlg Ipecs NMS 30M2.3Gn/30Mb.2Ia | Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | network, low complexity, ericssonlg, CWE-22, 7.5 |
| 2018-08-15 | CVE-2018-12056 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in All-For-One ALL for ONE | The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. | network, low complexity, all-for-one, CWE-338, 7.5 |
| 2018-08-15 | CVE-2018-11687 | Integer Overflow or Wraparound vulnerability in Bitcoin RED Project Bitcoin RED | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue. | network, low complexity, bitcoin-red-project, CWE-190, 7.5 |
| 2018-08-15 | CVE-2018-0952 | Unspecified vulnerability in Microsoft products | An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. | local, low complexity, microsoft, 7.8 |
| 2018-08-15 | CVE-2018-1455 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Application Dependency Discovery Manager 7.2.2/7.3.0 | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | network, low complexity, ibm, CWE-352, 8.8 |
| 2018-08-15 | CVE-2018-6973 | Out-of-bounds Write vulnerability in VMWare Fusion and Workstation | VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. | local, low complexity, vmware, CWE-787, 8.8 |