Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: User Interface). Supported versions that are affected are 2.4.8.7 and 2.5.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.