| 208611 | 9.8 | CRITICAL | Network | openclinic_ga_project | openclinic_ga | An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vul… | CWE-89 SQL Injection | CVE-2020-27233 | 2024-11-21 14:20 | 2021-04-14 |
| 208612 | 7.8 | HIGH | Local | openclinic_ga_project | openclinic_ga | An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a … | CWE-276 Incorrect Default Permissions | CVE-2020-27228 | 2024-11-21 14:20 | 2021-04-14 |
| 208613 | 9.8 | CRITICAL | Network | openclinic_ga_project | openclinic_ga | An exploitable unauthenticated command injection exists in OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web reques… | CWE-78 OS Command | CVE-2020-27227 | 2024-11-21 14:20 | 2021-04-14 |
| 208614 | 6.0 | MEDIUM | Local | linux fedoraproject debian canonical | linux_kernel fedora debian_linux ubuntu_linux | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic… | CWE-193 Off-by-one Error | CVE-2020-27171 | 2024-11-21 14:20 | 2021-03-21 |
| 208615 | 4.7 | MEDIUM | Local | linux fedoraproject canonical debian | linux_kernel fedora ubuntu_linux debian_linux | An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spec… | CWE-203 Information Exposure Through Discrepancy | CVE-2020-27170 | 2024-11-21 14:20 | 2021-03-21 |
| 208616 | 7.8 | HIGH | Local | softaculous | softaculous | Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host. | CWE-665 Improper Initialization | CVE-2020-26886 | 2024-11-21 14:20 | 2021-03-19 |
| 208617 | 7.5 | HIGH | Network | mediaarea fedoraproject | mediainfo fedora | Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping. | CWE-787 Out-of-bounds Write | CVE-2020-26797 | 2024-11-21 14:20 | 2021-03-19 |
| 208618 | 4.3 | MEDIUM | Physical | hamilton-medical | hamilton-t1_firmware | In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently un… | - | CVE-2020-27282 | 2024-11-21 14:20 | 2021-03-16 |
| 208619 | 5.2 | MEDIUM | Physical | hamilton-medical | hamilton-t1_firmware | In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration… | - | CVE-2020-27278 | 2024-11-21 14:20 | 2021-03-16 |
| 208620 | 7.8 | HIGH | Local | eclipse | platform | In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue a… | CWE-306 Missing Authentication for Critical Function | CVE-2020-27225 | 2024-11-21 14:20 | 2021-03-10 |