|
215441
|
8.8 |
HIGH
Local
|
redhat
|
satellite
|
A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite instance.
|
-
|
CVE-2020-14334
|
2024-11-21 14:03 |
2020-07-31 |
|
|
|
|
215442
|
8.8 |
HIGH
Network
|
freemedsoftware
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b do not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-14488
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215443
|
9.8 |
CRITICAL
Network
|
freemedsoftware
|
openclinic_ga
|
OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to log in and execute arbit…
|
NVD-CWE-Other
|
CVE-2020-14487
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215444
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
An attacker may bypass permission/authorization checks in OpenClinic GA 5.09.02 and 5.89.05b by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14486
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215445
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
A low-privilege user may use SQL syntax to write arbitrary files to the OpenClinic GA 5.09.02 and 5.89.05b server, which may allow the execution of arbitrary commands.
|
CWE-269
Improper Privilege Management
|
CVE-2020-14493
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215446
|
6.1 |
MEDIUM
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b do not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14492
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215447
|
8.8 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b include arbitrary local files specified within its parameter and execute some files, which may allow disclosure of sensitive files or the execution of malicious u…
|
CWE-22
Path Traversal
|
CVE-2020-14490
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215448
|
7.5 |
HIGH
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA 5.09.02 and 5.89.05b store passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-14489
|
2024-11-21 14:03 |
2020-07-29 |
|
|
|
|
215449
|
4.9 |
MEDIUM
Network
|
oracle netapp
|
mysql active_iq_unified_manager
|
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privi…
|
NVD-CWE-noinfo
|
CVE-2020-14725
|
2024-11-21 14:03 |
2020-07-25 |
|
|
|
|
215450
|
9.8 |
CRITICAL
Network
|
openclinic_ga_project
|
openclinic_ga
|
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow u…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2020-14494
|
2024-11-21 14:03 |
2020-07-21 |
|
|
|