|
210741
|
7.5 |
HIGH
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be …
|
CWE-611
XXE
|
CVE-2020-14029
|
2024-11-21 14:02 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210742
|
4.9 |
MEDIUM
Network
|
ozeki
|
ozeki_ng_sms_gateway
|
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any …
|
NVD-CWE-noinfo
|
CVE-2020-14021
|
2024-11-21 14:02 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210743
|
6.1 |
MEDIUM
Network
|
apache
|
airflow
|
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13944
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210744
|
5.3 |
MEDIUM
Network
|
atlassian
|
jira
data_center
jira_server
|
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affect…
|
CWE-200
Information Exposure
|
CVE-2020-14181
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210745
|
8.8 |
HIGH
Network
|
apache
|
superset
|
While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary …
|
NVD-CWE-noinfo
|
CVE-2020-13948
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210746
|
8.8 |
HIGH
Network
|
istio-operator_project
|
istio-operator
|
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cl…
|
CWE-862
Missing Authorization
|
CVE-2020-14306
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210747
|
6.1 |
MEDIUM
Network
|
apache
|
atlas
|
Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving search or rendering elements values are not sanitized correctly and because of that it triggers the XSS vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-13928
|
2024-11-21 14:02 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210748
|
9.8 |
CRITICAL
Network
|
daemonology
|
bsdiff
|
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the san…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-14315
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210749
|
5.5 |
MEDIUM
Local
|
linux
debian
canonical
starwindsoftware
|
linux_kernel
debian_linux
ubuntu_linux
starwind_virtual_san
|
A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to…
|
-
|
CVE-2020-14314
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210750
|
4.4 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the k…
|
-
|
CVE-2020-14304
|
2024-11-21 14:02 |
2020-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
