|
210721
|
5.8 |
MEDIUM
Network
|
redhat
|
ansible_tower
|
A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default or…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-14337
|
2024-11-21 14:03 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210722
|
8.8 |
HIGH
Local
|
redhat
|
satellite
|
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.
|
-
|
CVE-2020-14334
|
2024-11-21 14:03 |
2020-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210723
|
8.8 |
HIGH
Network
|
freemedsoftware
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14488
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210724
|
9.8 |
CRITICAL
Network
|
freemedsoftware
|
openclinic_ga
|
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbit…
|
NVD-CWE-Other
|
CVE-2020-14487
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210725
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14486
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210726
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
|
CWE-269
Improper Privilege Management
|
CVE-2020-14493
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210727
|
6.1 |
MEDIUM
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14492
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210728
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious u…
|
CWE-22
Path Traversal
|
CVE-2020-14490
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210729
|
7.5 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-14489
|
2024-11-21 14:03 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210730
|
4.9 |
MEDIUM
Network
|
oracle
netapp
|
mysql
active_iq_unified_manager
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privi…
|
NVD-CWE-noinfo
|
CVE-2020-14725
|
2024-11-21 14:03 |
2020-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
