Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-15 | CVE-2018-8266 | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. | 7.5 |
| 2018-08-15 | CVE-2018-15172 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tp-Link Tl-Wr840N Firmware 0.9.1 TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | 7.5 |
| 2018-08-15 | CVE-2018-15156 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15155 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15154 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15153 | OS Command Injection vulnerability in Open-Emr Openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15151 | SQL Injection vulnerability in Open-Emr Openemr SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | 8.8 |
| 2018-08-15 | CVE-2018-15150 | SQL Injection vulnerability in Open-Emr Openemr SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. | 8.8 |
| 2018-08-15 | CVE-2018-15149 | SQL Injection vulnerability in Open-Emr Openemr SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. | 8.8 |
| 2018-08-15 | CVE-2018-15148 | SQL Injection vulnerability in Open-Emr Openemr SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. | 8.8 |