|
210001
|
6.5 |
MEDIUM
Network
|
hcltechsw
hcltech
|
hcl_inotes
|
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into e…
|
NVD-CWE-Other
|
CVE-2020-14225
|
2024-11-21 14:02 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210002
|
6.1 |
MEDIUM
Network
|
hcltech
|
hcl_inotes
|
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14271
|
2024-11-21 14:02 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210003
|
9.8 |
CRITICAL
Network
|
hcltech
|
notes
|
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote a…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14224
|
2024-11-21 14:02 |
2020-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210004
|
8.8 |
HIGH
Network
|
hcltech
|
notes
|
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to cras…
|
NVD-CWE-Other
|
CVE-2020-14232
|
2024-11-21 14:02 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210005
|
9.8 |
CRITICAL
Network
|
apache
|
tomee
|
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP…
|
NVD-CWE-noinfo
|
CVE-2020-13931
|
2024-11-21 14:02 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210006
|
7.5 |
HIGH
Network
|
hcltech
|
bigfix_platform
|
TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-14254
|
2024-11-21 14:02 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210007
|
5.3 |
MEDIUM
Network
|
hcltech
|
bigfix_platform
|
BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-14248
|
2024-11-21 14:02 |
2020-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210008
|
4.9 |
MEDIUM
Network
|
redhat
|
keycloak
|
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-14302
|
2024-11-21 14:02 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210009
|
9.8 |
CRITICAL
Network
|
hcltech
|
notes
|
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could all…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14268
|
2024-11-21 14:02 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210010
|
9.8 |
CRITICAL
Network
|
hcltech
|
domino
|
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could al…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14244
|
2024-11-21 14:02 |
2020-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
