Total
317826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14302 | 1 Redhat | 1 Keycloak | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. | |||||
| CVE-2020-14301 | 2 Netapp, Redhat | 13 Ontap Select Deploy Administration Utility, Codeready Linux Builder, Enterprise Linux and 10 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the `dumpxml` command. | |||||
| CVE-2020-14300 | 2 Docker, Redhat | 2 Docker, Enterprise Linux Server | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected. | |||||
| CVE-2020-14299 | 1 Redhat | 3 Jboss Enterprise Application Platform, Openshift Application Runtimes, Single Sign-on | 2024-11-21 | 6.3 MEDIUM | 6.5 MEDIUM |
| A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability. | |||||
| CVE-2020-14298 | 2 Docker, Redhat | 3 Docker, Enterprise Linux Server, Openshift Container Platform | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected. | |||||
| CVE-2020-14297 | 1 Redhat | 6 Amq, Jboss-ejb-client, Jboss Enterprise Application Platform Continuous Delivery and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. | |||||
| CVE-2020-14296 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible. | |||||
| CVE-2020-14295 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. | |||||
| CVE-2020-14294 | 1 Secudos | 1 Qiata Fta | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | |||||
| CVE-2020-14293 | 1 Secudos | 1 Domos | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). | |||||
| CVE-2020-14292 | 1 Health | 1 Covidsafe | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone. | |||||
| CVE-2020-14275 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | |||||
| CVE-2020-14274 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | |||||
| CVE-2020-14273 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. | |||||
| CVE-2020-14271 | 1 Hcltech | 1 Hcl Inotes | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim's web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | |||||
| CVE-2020-14270 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. | |||||
| CVE-2020-14268 | 1 Hcltech | 1 Notes | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client. | |||||
| CVE-2020-14264 | 1 Hcltech | 1 Traveler Companion | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | |||||
| CVE-2020-14263 | 1 Hcltech | 1 Traveler Companion | 2024-11-21 | 2.1 LOW | 3.9 LOW |
| "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" | |||||
| CVE-2020-14260 | 1 Hcltech | 1 Domino | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. | |||||