CVE-2020-8370
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Devamını Oku
Devamını oku
CVE-2019-10881
Xerox AltaLink B8045/B8055/B8065/B8075/B8090, AltaLink C8030/C8035/C8045/C8055/C8070 with software releases before 103.xxx.030.32000 includes two accounts with weak hard-coded passwords which can be exploited and allow unauthorized access which cannot be disabled. Devamını Oku
CVE-2020-8358
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none. Devamını Oku
CVE-2020-28590
An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. Devamını Oku
CVE-2020-27235 (openclinic_ga)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2020-27236 (openclinic_ga)
An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability. Devamını Oku
CVE-2020-13566
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Deleteâ€�, the POST parameter delete_group leads to a SQL injection. Devamını Oku
CVE-2020-13568
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submitâ€�, the POST parameter parent_id leads to a SQL injection. Devamını Oku
CVE-2020-13566 (openemr, phpgacl)
SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Deleteâ€�, the POST parameter delete_group leads to a SQL injection. Devamını Oku
CVE-2020-13568 (openemr, phpgacl)
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submitâ€�, the POST parameter parent_id leads to a SQL injection. Devamını Oku
CVE-2020-27227
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system. Devamını Oku
CVE-2020-27228
An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. Devamını Oku