Vulnerabilities (CVE)

Total 15939 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-25251 1 Hyland 1 Onbase 2022-06-30 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.
CVE-2020-25254 1 Hyland 1 Onbase 2022-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer.
CVE-2020-25253 1 Hyland 1 Onbase 2022-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
CVE-2020-25258 1 Hyland 1 Onbase 2022-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages.
CVE-2020-25257 1 Hyland 1 Onbase 2022-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.
CVE-2020-25256 1 Hyland 1 Onbase 2022-06-30 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.
CVE-2020-25260 1 Hyland 1 Onbase 2022-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.
CVE-2020-25259 1 Hyland 1 Onbase 2022-06-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.
CVE-2020-2546 1 Oracle 1 Weblogic Server 2022-06-30 7.5 HIGH 9.8 CRITICAL
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2016-4303 4 Debian, Iperf3 Project, Novell and 1 more 5 Debian Linux, Iperf3, Suse Package Hub For Suse Linux Enterprise and 2 more 2022-06-30 7.5 HIGH 9.8 CRITICAL
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
CVE-2021-38945 1 Ibm 1 Cognos Analytics 2022-06-30 7.5 HIGH 9.8 CRITICAL
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238.
CVE-2021-26638 1 Xisnd 1 S\&d Smarthome 2022-06-30 10.0 HIGH 9.8 CRITICAL
Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control.
CVE-2022-28605 3 Apple, Google, Linkplay 3 Iphone Os, Android, Sound Bar 2022-06-30 7.5 HIGH 9.8 CRITICAL
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory
CVE-2022-26134 1 Atlassian 2 Confluence Data Center, Confluence Server 2022-06-30 7.5 HIGH 9.8 CRITICAL
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
CVE-2022-31784 1 Mitel 2 Mivoice Business, Mivoice Business Express 2022-06-30 6.8 MEDIUM 9.8 CRITICAL
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.
CVE-2017-20095 1 Simple Ads Manager Project 1 Simple Ads Manager 2022-06-30 7.5 HIGH 9.8 CRITICAL
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
CVE-2020-4854 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2022-06-29 7.5 HIGH 9.8 CRITICAL
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454.
CVE-2022-26338 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26887 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.
CVE-2022-26666 1 Deltaww 1 Diaenergie 2022-06-29 10.0 HIGH 9.8 CRITICAL
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.