Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
High

CVE-2023-43208

Disclosure Date: October 26, 2023 (last updated November 04, 2023)
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
3
2
Attacker Value
Moderate

CVE-2023-37679

Disclosure Date: August 03, 2023 (last updated October 08, 2023)
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
2
1
Attacker Value
Unknown

CVE-2023-34185

Disclosure Date: July 11, 2023 (last updated October 08, 2023)
Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-35098

Disclosure Date: June 20, 2023 (last updated October 08, 2023)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2014-6650

Disclosure Date: September 23, 2014 (last updated October 05, 2023)
The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application 3.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
0
0