Show filters
123 Total Results
Displaying 61-70 of 123
Sort by:
Attacker Value
Unknown
CVE-2020-25179
Disclosure Date: December 14, 2020 (last updated February 22, 2025)
GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.
0
Attacker Value
Unknown
CVE-2020-14292
Disclosure Date: September 09, 2020 (last updated November 28, 2024)
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
0
Attacker Value
Unknown
CVE-2020-23829
Disclosure Date: September 01, 2020 (last updated February 22, 2025)
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
0
Attacker Value
Unknown
CVE-2020-11439
Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.
0
Attacker Value
Unknown
CVE-2020-11436
Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.
0
Attacker Value
Unknown
CVE-2020-11438
Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is affected by systemic CSRF.
0
Attacker Value
Unknown
CVE-2020-11437
Disclosure Date: July 15, 2020 (last updated February 21, 2025)
LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.
0
Attacker Value
Unknown
CVE-2020-12860
Disclosure Date: May 18, 2020 (last updated February 21, 2025)
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
0
Attacker Value
Unknown
CVE-2020-12859
Disclosure Date: May 18, 2020 (last updated February 21, 2025)
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.
0
Attacker Value
Unknown
CVE-2020-12857
Disclosure Date: May 18, 2020 (last updated February 21, 2025)
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
0