Filtered by vendor Hyland
Subscribe
Search
Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49964 | 1 Hyland | 1 Alfresco Content Services | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. | |||||
| CVE-2020-25248 | 1 Hyland | 1 Onbase | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. | |||||
| CVE-2020-25252 | 1 Hyland | 1 Onbase | 2022-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). | |||||
| CVE-2020-25250 | 1 Hyland | 1 Onbase | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs. | |||||
| CVE-2020-25255 | 1 Hyland | 1 Onbase | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | |||||
| CVE-2020-25247 | 1 Hyland | 1 Onbase | 2020-10-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter. | |||||
| CVE-2018-3851 | 1 Hyland | 1 Perceptive Document Filters | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution. | |||||
| CVE-2018-19629 | 1 Hyland | 1 Perceptive Content Server | 2019-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection. | |||||
| CVE-2018-3855 | 1 Hyland | 1 Perceptive Document Filters | 2018-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | |||||
| CVE-2018-3845 | 1 Hyland | 1 Perceptive Document Filters | 2018-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | |||||
| CVE-2018-3844 | 1 Hyland | 1 Perceptive Document Filters | 2018-06-04 | 6.8 MEDIUM | 7.8 HIGH |
| In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. | |||||
| CVE-2018-6293 | 1 Hyland | 1 Saperion Web Client | 2018-03-06 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary File Read in Saperion Web Client version 7.5.2 83166. | |||||