Show filters
123 Total Results
Displaying 61-70 of 123
Sort by:
Attacker Value
Unknown

CVE-2020-25179

Disclosure Date: December 14, 2020 (last updated February 22, 2025)
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
Attacker Value
Unknown

CVE-2020-14292

Disclosure Date: September 09, 2020 (last updated November 28, 2024)
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
Attacker Value
Unknown

CVE-2020-23829

Disclosure Date: September 01, 2020 (last updated February 22, 2025)
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
Attacker Value
Unknown

CVE-2020-11439

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
Attacker Value
Unknown

CVE-2020-11436

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
Attacker Value
Unknown

CVE-2020-11438

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
Attacker Value
Unknown

CVE-2020-11437

Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
Attacker Value
Unknown

CVE-2020-12860

Disclosure Date: May 18, 2020 (last updated February 21, 2025)
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
Attacker Value
Unknown

CVE-2020-12859

Disclosure Date: May 18, 2020 (last updated February 21, 2025)
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.
Attacker Value
Unknown

CVE-2020-12857

Disclosure Date: May 18, 2020 (last updated February 21, 2025)
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.