Filtered by vendor Hyland
Subscriptions
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-3855 | 1 Hyland | 1 Perceptive Document Filters | 2024-09-17 | 7.8 High |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | ||||
CVE-2018-3851 | 1 Hyland | 1 Perceptive Document Filters | 2024-09-17 | 8.8 High |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. | ||||
CVE-2018-3845 | 1 Hyland | 1 Perceptive Document Filters | 2024-09-17 | 8.8 High |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | ||||
CVE-2018-3844 | 1 Hyland | 1 Perceptive Document Filters | 2024-09-17 | 8.8 High |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. | ||||
CVE-2018-6293 | 1 Hyland | 1 Saperion Web Client | 2024-09-16 | N/A |
Arbitrary File Read in Saperion Web Client version 7.5.2 83166. | ||||
CVE-2018-6292 | 1 Hyland | 1 Saperion Web Client | 2024-09-16 | N/A |
Remote Code Execution in Saperion Web Client version 7.5.2 83166. | ||||
CVE-2024-40347 | 1 Hyland | 1 Alfresco Content Services | 2024-08-22 | 6.1 Medium |
A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid. | ||||
CVE-2018-19629 | 1 Hyland | 1 Perceptive Content Server | 2024-08-05 | N/A |
A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection. | ||||
CVE-2020-25248 | 1 Hyland | 1 Onbase | 2024-08-04 | 7.5 High |
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. | ||||
CVE-2020-25260 | 1 Hyland | 1 Onbase | 2024-08-04 | 9.8 Critical |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization. | ||||
CVE-2020-25250 | 1 Hyland | 1 Onbase | 2024-08-04 | 7.5 High |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs. | ||||
CVE-2020-25253 | 1 Hyland | 1 Onbase | 2024-08-04 | 9.8 Critical |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter. | ||||
CVE-2020-25257 | 1 Hyland | 1 Onbase | 2024-08-04 | 9.8 Critical |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files. | ||||
CVE-2020-25256 | 1 Hyland | 1 Onbase | 2024-08-04 | 9.1 Critical |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations. | ||||
CVE-2020-25249 | 1 Hyland | 1 Onbase | 2024-08-04 | 5.3 Medium |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. | ||||
CVE-2020-25247 | 1 Hyland | 1 Onbase | 2024-08-04 | 7.5 High |
An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. | ||||
CVE-2020-25252 | 1 Hyland | 1 Onbase | 2024-08-04 | 8.8 High |
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | ||||
CVE-2020-25258 | 1 Hyland | 1 Onbase | 2024-08-04 | 9.8 Critical |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages. | ||||
CVE-2020-25255 | 1 Hyland | 1 Onbase | 2024-08-04 | 7.5 High |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | ||||
CVE-2020-25251 | 1 Hyland | 1 Onbase | 2024-08-04 | 9.1 Critical |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. |