Search Results (83623 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-14324 1 Redhat 2 Cloudforms Management Engine, Cloudforms Managementengine 2024-11-21 9.1 Critical
A high severity vulnerability was found in all active versions of Red Hat CloudForms before 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This flaw allows attacker to execute arbitrary commands on CloudForms server.
CVE-2020-14322 1 Moodle 1 Moodle 2024-11-21 7.5 High
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
CVE-2020-14320 1 Moodle 1 Moodle 2024-11-21 6.1 Medium
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVE-2020-14315 1 Daemonology 1 Bsdiff 2024-11-21 9.8 Critical
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
CVE-2020-14309 3 Gnu, Opensuse, Redhat 7 Grub2, Leap, Enterprise Linux and 4 more 2024-11-21 6.7 Medium
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
CVE-2020-14305 3 Linux, Netapp, Redhat 12 Linux Kernel, A250, A250 Firmware and 9 more 2024-11-21 8.1 High
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-14304 1 Linux 1 Linux Kernel 2024-11-21 4.4 Medium
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.
CVE-2020-14294 1 Secudos 1 Qiata Fta 2024-11-21 6.1 Medium
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.
CVE-2020-14293 1 Secudos 1 Domos 2024-11-21 7.5 High
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
CVE-2020-14271 1 Hcltech 1 Hcl Inotes 2024-11-21 6.1 Medium
HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
CVE-2020-14270 1 Hcltech 1 Domino 2024-11-21 5.3 Medium
HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server.
CVE-2020-14268 1 Hcltech 1 Notes 2024-11-21 9.8 Critical
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
CVE-2020-14263 1 Hcltech 1 Traveler Companion 2024-11-21 3.9 Low
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
CVE-2020-14244 1 Hcltech 1 Domino 2024-11-21 9.8 Critical
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.
CVE-2020-14240 1 Hcltech 1 Notes 2024-11-21 6.1 Medium
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
CVE-2020-14231 1 Hcltechsw 1 Hcl Client Application Access 2024-11-21 8.8 High
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
CVE-2020-14224 1 Hcltech 1 Notes 2024-11-21 9.8 Critical
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
CVE-2020-14223 1 Hcltech 1 Digital Experience 2024-11-21 6.1 Medium
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack.
CVE-2020-14222 1 Hcltech 1 Hcl Digital Experience 2024-11-21 6.1 Medium
HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).
CVE-2020-14212 1 Ffmpeg 1 Ffmpeg 2024-11-21 8.8 High
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.