Search Results (76467 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14273 | 1 Hcltech | 1 Domino | 2024-11-21 | 7.5 High |
| HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to crash the Domino server. | ||||
| CVE-2020-14258 | 1 Hcltech | 1 Notes | 2024-11-21 | 7.5 High |
| HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. | ||||
| CVE-2020-14255 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 7.5 High |
| HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | ||||
| CVE-2020-14254 | 1 Hcltech | 1 Bigfix Platform | 2024-11-21 | 7.5 High |
| TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. | ||||
| CVE-2020-14246 | 1 Hcltechsw | 1 Onetest Performance | 2024-11-21 | 7.5 High |
| HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication which is relatively weak. An attacker could potentially decode the encoded credentials. | ||||
| CVE-2020-14234 | 1 Hcltech | 1 Domino | 2024-11-21 | 7.5 High |
| HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. | ||||
| CVE-2020-14232 | 1 Hcltech | 1 Notes | 2024-11-21 | 8.8 High |
| A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | ||||
| CVE-2020-14231 | 1 Hcltechsw | 1 Hcl Client Application Access | 2024-11-21 | 8.8 High |
| A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | ||||
| CVE-2020-14230 | 1 Hcltech | 1 Domino | 2024-11-21 | 7.5 High |
| HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. | ||||
| CVE-2020-14215 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 7.5 High |
| Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations. | ||||
| CVE-2020-14212 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | ||||
| CVE-2020-14209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 8.8 High |
| Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism). | ||||
| CVE-2020-14204 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 8.2 High |
| In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration. | ||||
| CVE-2020-14203 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 8.8 High |
| WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044. | ||||
| CVE-2020-14198 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 7.5 High |
| Bitcoin Core 0.20.0 allows remote denial of service. | ||||
| CVE-2020-14195 | 5 Debian, Fasterxml, Netapp and 2 more | 17 Debian Linux, Jackson-databind, Active Iq Unified Manager and 14 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | ||||
| CVE-2020-14191 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | ||||
| CVE-2020-14190 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | ||||
| CVE-2020-14178 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | ||||
| CVE-2020-14167 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability. | ||||