Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-1000216 Double Free vulnerability in Cjson Project Cjson
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE.
network
low complexity
cjson-project CWE-415
8.8
2018-08-20 CVE-2018-1000215 Missing Release of Resource after Effective Lifetime vulnerability in Cjson Project Cjson
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS).
network
low complexity
cjson-project CWE-772
7.5
2018-08-20 CVE-2018-1000657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rust-Lang Rust
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published..
local
low complexity
rust-lang CWE-119
7.8
2018-08-20 CVE-2018-1000656 Improper Input Validation vulnerability in multiple products
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service.
network
low complexity
palletsprojects netapp CWE-20
7.5
2018-08-20 CVE-2018-1000650 SQL Injection vulnerability in Librehealth EHR 2.0.0
LibreHealthIO lh-ehr version REL-2.0.0 contains a SQL Injection vulnerability in Show Groups Popup SQL query functions that can result in Ability to perform malicious database queries.
network
low complexity
librehealth CWE-89
8.8
2018-08-20 CVE-2018-1000649 Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution.
network
low complexity
librehealth CWE-732
8.8
2018-08-20 CVE-2018-1000648 Improper Privilege Management vulnerability in Librehealth EHR 2.0.0
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution.
network
low complexity
librehealth CWE-269
8.8
2018-08-20 CVE-2018-1000647 Improper Input Validation vulnerability in Librehealth EHR 2.0.0
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service.
network
low complexity
librehealth CWE-20
7.1
2018-08-20 CVE-2018-1000646 Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0
LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution.
network
low complexity
librehealth CWE-434
8.8
2018-08-20 CVE-2018-1000637 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution.
local
low complexity
nongnu debian CWE-119
7.8