Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-20 | CVE-2018-1000649 | Incorrect Permission Assignment for Critical Resource vulnerability in Librehealth EHR 2.0.0. LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php (2) vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. | 8.8 |
2018-08-20 | CVE-2018-1000648 | Improper Privilege Management vulnerability in Librehealth EHR 2.0.0. LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in writing files with malicious content and may lead to remote code execution. | 8.8 |
2018-08-20 | CVE-2018-1000647 | Improper Input Validation vulnerability in Librehealth EHR 2.0.0. LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Deletion vulnerability in Import template that can result in denial of service. | 7.1 |
2018-08-20 | CVE-2018-1000646 | Unrestricted Upload of File with Dangerous Type vulnerability in Librehealth EHR 2.0.0. LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in writing files with malicious content and may lead to remote code execution. | 8.8 |
2018-08-20 | CVE-2018-1000637 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. zutils version prior to version 1.8-pre2 contains a Buffer Overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. | 7.8 |
2018-08-20 | CVE-2018-1000634 | Improper Privilege Management vulnerability in Openmicroscopy Omero. The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains an Improper Access Control vulnerability in User management that can result in an administrative user with privilege restrictions logging in as a more powerful administrator. | 7.2 |
2018-08-20 | CVE-2018-1000633 | Information Exposure vulnerability in Openmicroscopy Omero. The Open Microscopy Environment OMERO.web version prior to 5.4.7 contains an Information Exposure Through Log Files vulnerability in the login form and change password form that can result in the user's password being revealed. | 7.2 |
2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products. dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. | 7.5 |
2018-08-20 | CVE-2018-5243 | Resource Exhaustion vulnerability in Symantec Encryption Management Server. The Symantec Encryption Management Server (SEMS) product, prior to version 3.4.2 MP1, may be susceptible to a denial of service (DoS) exploit. | 7.5 |
2018-08-20 | CVE-2011-2765 | Link Following vulnerability in Pyro Project Pyro. pyro before 3.15 unsafely handles pid files in temporary directory locations and opens the pid file as root. | 7.5 |