| 209431 | 9.8 | CRITICAL, Network | crk | business_platform | CRK Business Platform <= 2019.1 allows injection of SQL statements against the DB on any path using the 'strSessao' parameter. | CWE-89 SQL Injection | CVE-2020-13968 | 2024-11-21 14:02 | 2020-12-24 |
| 209432 | 5.3 | MEDIUM, Network | hcltech | domino | HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability … | CWE-755 Improper Handling of Exceptional Conditions | CVE-2020-14270 | 2024-11-21 14:02 | 2020-12-23 |
| 209433 | 8.8 | HIGH, Network | hcltechsw | hcl_client_application_access | A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow … | CWE-20 Improper Input Validation, CWE-787 Out-of-bounds Write | CVE-2020-14231 | 2024-11-21 14:02 | 2020-12-23 |
| 209434 | 6.5 | MEDIUM, Network | hcltechsw, hcltech | hcl_inotes | HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into e… | NVD-CWE-Other | CVE-2020-14225 | 2024-11-21 14:02 | 2020-12-22 |
| 209435 | 6.1 | MEDIUM, Network | hcltech | hcl_inotes | HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulne… | CWE-79 Cross-site Scripting | CVE-2020-14271 | 2024-11-21 14:02 | 2020-12-19 |
| 209436 | 9.8 | CRITICAL, Network | hcltech | notes | A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote a… | CWE-787 Out-of-bounds Write | CVE-2020-14224 | 2024-11-21 14:02 | 2020-12-19 |
| 209437 | 8.8 | HIGH, Network | hcltech | notes | A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to cras… | NVD-CWE-Other | CVE-2020-14232 | 2024-11-21 14:02 | 2020-12-18 |
| 209438 | 9.8 | CRITICAL, Network | apache | tomee | If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP… | NVD-CWE-noinfo | CVE-2020-13931 | 2024-11-21 14:02 | 2020-12-18 |
| 209439 | 7.5 | HIGH, Network | hcltech | bigfix_platform | TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it. | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2020-14254 | 2024-11-21 14:02 | 2020-12-17 |
| 209440 | 5.3 | MEDIUM, Network | hcltech | bigfix_platform | BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers … | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2020-14248 | 2024-11-21 14:02 | 2020-12-17 |