|
211121
|
6.5 |
MEDIUM
Network
|
apache
|
dolphinscheduler
|
Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary user under any tenant to override another user's password through the API interface.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-13922
|
2024-11-21 14:02 |
2021-01-11 |
|
|
|
|
211122
|
7.5 |
HIGH
Network
|
hcltech
|
domino
|
HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could exploit this vulnerability to c…
|
CWE-20
Improper Input Validation
|
CVE-2020-14273
|
2024-11-21 14:02 |
2020-12-29 |
|
|
|
|
211123
|
6.1 |
MEDIUM
Network
|
crk
|
business_platform
|
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13969
|
2024-11-21 14:02 |
2020-12-24 |
|
|
|
|
211124
|
9.8 |
CRITICAL
Network
|
crk
|
business_platform
|
CRK Business Platform <= 2019.1 allows injection of SQL statements against the DB on any path using the 'strSessao' parameter.
|
CWE-89
SQL Injection
|
CVE-2020-13968
|
2024-11-21 14:02 |
2020-12-24 |
|
|
|
|
211125
|
5.3 |
MEDIUM
Network
|
hcltech
|
domino
|
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability …
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-14270
|
2024-11-21 14:02 |
2020-12-23 |
|
|
|
|
211126
|
8.8 |
HIGH
Network
|
hcltechsw
|
hcl_client_application_access
|
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow …
|
CWE-20 CWE-787
Improper Input Validation Out-of-bounds Write
|
CVE-2020-14231
|
2024-11-21 14:02 |
2020-12-23 |
|
|
|
|
211127
|
6.5 |
MEDIUM
Network
|
hcltechsw hcltech
|
hcl_inotes
|
HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into e…
|
NVD-CWE-Other
|
CVE-2020-14225
|
2024-11-21 14:02 |
2020-12-22 |
|
|
|
|
211128
|
6.1 |
MEDIUM
Network
|
hcltech
|
hcl_inotes
|
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulne…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14271
|
2024-11-21 14:02 |
2020-12-19 |
|
|
|
|
211129
|
9.8 |
CRITICAL
Network
|
hcltech
|
notes
|
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote a…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14224
|
2024-11-21 14:02 |
2020-12-19 |
|
|
|
|
211130
|
8.8 |
HIGH
Network
|
hcltech
|
notes
|
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to cras…
|
NVD-CWE-Other
|
CVE-2020-14232
|
2024-11-21 14:02 |
2020-12-18 |
|
|
|