Total
15939 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25251 | 1 Hyland | 1 Onbase | 2022-06-30 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. | |||||
CVE-2020-25254 | 1 Hyland | 1 Onbase | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or AddWorkViewLinkedServer. | |||||
CVE-2020-25253 | 1 Hyland | 1 Onbase | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. | |||||
CVE-2020-25258 | 1 Hyland | 1 Onbase | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. | |||||
CVE-2020-25257 | 1 Hyland | 1 Onbase | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files. | |||||
CVE-2020-25256 | 1 Hyland | 1 Onbase | 2022-06-30 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations. | |||||
CVE-2020-25260 | 1 Hyland | 1 Onbase | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. | |||||
CVE-2020-25259 | 1 Hyland | 1 Onbase | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner. | |||||
CVE-2020-2546 | 1 Oracle | 1 Weblogic Server | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
CVE-2016-4303 | 4 Debian, Iperf3 Project, Novell and 1 more | 5 Debian Linux, Iperf3, Suse Package Hub For Suse Linux Enterprise and 2 more | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. | |||||
CVE-2021-38945 | 1 Ibm | 1 Cognos Analytics | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | |||||
CVE-2021-26638 | 1 Xisnd | 1 S\&d Smarthome | 2022-06-30 | 10.0 HIGH | 9.8 CRITICAL |
Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control. | |||||
CVE-2022-28605 | 3 Apple, Google, Linkplay | 3 Iphone Os, Android, Sound Bar | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay antifactory | |||||
CVE-2022-26134 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | |||||
CVE-2022-31784 | 1 Mitel | 2 Mivoice Business, Mivoice Business Express | 2022-06-30 | 6.8 MEDIUM | 9.8 CRITICAL |
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. | |||||
CVE-2017-20095 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2022-06-30 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | |||||
CVE-2020-4854 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 190454. | |||||
CVE-2022-26338 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26887 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | |||||
CVE-2022-26666 | 1 Deltaww | 1 Diaenergie | 2022-06-29 | 10.0 HIGH | 9.8 CRITICAL |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. |