Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-13 | CVE-2018-10598 | Out-of-bounds Read vulnerability in Deltaww Cncsoft and Screeneditor CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. | 8.1 |
| 2018-08-13 | CVE-2018-15144 | SQL Injection vulnerability in Open-Emr Openemr SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. | 8.8 |
| 2018-08-13 | CVE-2018-15142 | Path Traversal vulnerability in Open-Emr Openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory. | 8.8 |
| 2018-08-13 | CVE-2018-15139 | Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. | 8.8 |
| 2018-08-13 | CVE-2018-14878 | Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. | 7.8 |
| 2018-08-13 | CVE-2017-7500 | Link Following vulnerability in RPM 4.13.0.1/4.14.0.0 It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. | 7.8 |
| 2018-08-13 | CVE-2018-5925 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HP products A security vulnerability has been identified with certain HP Inkjet printers. | 7.8 |
| 2018-08-12 | CVE-2018-3775 | Improper Authentication vulnerability in Nextcloud Server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 8.8 |
| 2018-08-10 | CVE-2018-11063 | Unquoted Search Path or Element vulnerability in Dell Wyse Management Suite 1.0/1.1 Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. | 7.8 |
| 2018-08-10 | CVE-2018-11048 | XXE vulnerability in Dell products Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. | 8.1 |