Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-14 CVE-2018-7097 Cross-Site Request Forgery (CSRF) vulnerability in HP 3Par Service Provider Sp4.2.0/Sp4.3.0/Sp4.4.0
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7).
network
low complexity
hp CWE-352
8.8
2018-08-14 CVE-2018-7093 Unspecified vulnerability in HP products
A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service.
network
low complexity
hp
8.6
2018-08-14 CVE-2018-7077 Unspecified vulnerability in HP products
A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information.
network
low complexity
hp
7.5
2018-08-13 CVE-2018-15125 Information Exposure vulnerability in Zipato Zipabox Firmware 118
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface.
network
low complexity
zipato CWE-200
7.5
2018-08-13 CVE-2018-10636 Out-of-bounds Write vulnerability in Deltaww Cncsoft and Screeneditor
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to a lack of user input validation before copying data from project files onto the stack.
network
low complexity
deltaww CWE-787
8.8
2018-08-13 CVE-2018-10598 Out-of-bounds Read vulnerability in Deltaww Cncsoft and Screeneditor
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities that could cause the software to crash due to a lack of user input validation when processing project files.
network
low complexity
deltaww CWE-125
8.1
2018-08-13 CVE-2018-15144 SQL Injection vulnerability in Open-Emr Openemr
SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter.
network
low complexity
open-emr CWE-89
8.8
2018-08-13 CVE-2018-15142 Path Traversal vulnerability in Open-Emr Openemr
Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed directory.
network
low complexity
open-emr CWE-22
8.8
2018-08-13 CVE-2018-15139 Unrestricted Upload of File with Dangerous Type vulnerability in Open-Emr Openemr
Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory.
network
low complexity
open-emr CWE-434
8.8
2018-08-13 CVE-2018-14878 Deserialization of Untrusted Data vulnerability in Jetbrains Dotpeek and Resharper Ultimate
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.
local
low complexity
jetbrains CWE-502
7.8