Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-08-15 | CVE-2018-15151 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | network | low | open-emr | CWE-89 | 8.8 |
| 2018-08-15 | CVE-2018-15150 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. | network | low | open-emr | CWE-89 | 8.8 |
| 2018-08-15 | CVE-2018-15149 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. | network | low | open-emr | CWE-89 | 8.8 |
| 2018-08-15 | CVE-2018-15148 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. | network | low | open-emr | CWE-89 | 8.8 |
| 2018-08-15 | CVE-2018-15147 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter. | network | low | open-emr | CWE-89 | 8.8 |
| 2018-08-15 | CVE-2018-15146 | SQL Injection vulnerability in Open-Emr Openemr | SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | network | low | open-emr | CWE-89 | 8.8 |
| 2018-08-15 | CVE-2018-15138 | Path Traversal vulnerability in Ericssonlg Ipecs NMS 30M2.3Gn/30Mb.2Ia | Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | network | low | ericssonlg | CWE-22 | 7.5 |
| 2018-08-15 | CVE-2018-12056 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in All-For-One ALL for ONE | The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. | network | low | all-for-one | CWE-338 | 7.5 |
| 2018-08-15 | CVE-2018-11687 | Integer Overflow or Wraparound vulnerability in Bitcoin RED Project Bitcoin RED | An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the "ownerUnderflow" issue. | network | low | bitcoin-red-project | CWE-190 | 7.5 |
| 2018-08-15 | CVE-2018-0952 | Unspecified vulnerability in Microsoft products | An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. | local | low | microsoft | | 7.8 |