Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
health vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38453
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify addi...
Contechealth Cms8000 Firmware -
NA
CVE-2023-24610
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow malicious users to steal Protected Health Information because the product is for health charting.
Nosh Chartingsystem Project Nosh Chartingsystem 2021-03-13
1 Github repository
3.6
CVSSv2
CVE-2022-30277
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health i...
Bd Synapsys 4.30
Bd Synapsys 4.20
NA
CVE-2023-0296
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary ...
Redhat Openshift 4.11
NA
CVE-2023-4242
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive i...
Full Full - Customer
NA
CVE-2023-24065
NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow malicious users to steal Protected Health Information b...
Nosh Chartingsystem Project Nosh Chartingsystem -
5
CVSSv2
CVE-2021-1312
A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioni...
Cisco Elastic Services Controller
NA
CVE-2022-43557
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health informa...
Bd Bodyguard 999-603 Firmware -
Bd Bodyguard Duo 999-903 Firmware -
Bd Bodyguard Epidural 999-683 Firmware -
Bd Bodyguard Pain Manager 999-803 Firmware -
Bd Bodyguard T 999-103 Firmware -
Bd Bodyguard 323 Colorvision Firmware -
Bd Bodyguard 121 Twins Firmware -
7.5
CVSSv2
CVE-2020-10683
dom4j prior to 2.0.3 and 2.1.x prior to 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
Dom4j Project Dom4j
Oracle Insurance Policy Administration J2ee 10.2.0
Oracle Insurance Rules Palette 10.2.0
Oracle Retail Integration Bus 15.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Utilities Framework 2.2.0.0.0
Oracle Flexcube Core Banking 11.7.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Order Broker 15.0
Oracle Retail Order Broker 16.0
Oracle Retail Integration Bus 16.0
Oracle Retail Customer Management And Segmentation Foundation 16.0
Oracle Retail Customer Management And Segmentation Foundation 17.0
Oracle Retail Customer Management And Segmentation Foundation 18.0
Oracle Enterprise Data Quality 12.2.1.3.0
Oracle Data Integrator 12.2.1.3.0
Oracle Utilities Framework 4.4.0.0.0
7.5
CVSSv2
CVE-2019-15563
Observational Health Data Sciences and Informatics (OHDSI) WebAPI prior to 2.7.2 allows SQL injection in FeatureExtractionService.java.
Ohdsi Webapi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »