Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-08-20 | CVE-2018-1000646 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0 | LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution. | network | low | librehealth | CWE-434 | 8.8 |
| 2018-08-20 | CVE-2018-1000637 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in Potential denial of service or arbitrary code execution. | local | low | nongnu, debian | CWE-119 | 7.8 |
| 2018-08-20 | CVE-2018-1000634 | Improper Privilege Management vulnerability in Openmicroscopy Omero | The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in administrative user with privilege restrictions logging in as a more powerful administrator. | network | low | openmicroscopy | CWE-269 | 7.2 |
| 2018-08-20 | CVE-2018-1000633 | Information Exposure vulnerability in Openmicroscopy Omero | The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in User's password being revealed. | network | low | openmicroscopy | CWE-200 | 7.2 |
| 2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products | dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. | network | low | dom4j-project, debian, oracle, redhat, netapp | CWE-91 | 7.5 |
| 2018-08-20 | CVE-2018-5243 | Resource Exhaustion vulnerability in Symantec Encryption Management Server | The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. | network | low | symantec | CWE-400 | 7.5 |
| 2018-08-20 | CVE-2011-2765 | Link Following vulnerability in Pyro Project Pyro | pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. | network | low | pyro-project | CWE-59 | 7.5 |
| 2018-08-20 | CVE-2018-15573 | Unrestricted Upload of File with Dangerous Type vulnerability in Reprisesoftware Reprise License Manager | An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. | network | low | reprisesoftware | CWE-434 | 8.8 |
| 2018-08-20 | CVE-2018-15568 | Cross-Site Request Forgery (CSRF) vulnerability in Tp5Cms Project Tp5Cms 20170315/20170525 | tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | network | low | tp5cms-project | CWE-352 | 8.8 |
| 2018-08-20 | CVE-2018-15565 | Cross-Site Request Forgery (CSRF) vulnerability in Simple-Cms Project Simple CMS 20140311 | An issue was discovered in daveismyname simple-cms through 2014-03-11. | network | low | simple-cms-project | CWE-352 | 8.8 |