|
197031
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4024
|
2024-11-21 14:32 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197032
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or Ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4022
|
2024-11-21 14:32 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197033
|
7.8 |
HIGH
Local
|
neutrinolabs
|
xrdp
|
The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the se…
|
-
|
CVE-2020-4044
|
2024-11-21 14:32 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197034
|
7.5 |
HIGH
Network
|
coturn_project
debian
fedoraproject
canonical
opensuse
|
coturn
debian_linux
fedora
ubuntu_linux
leap
|
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an …
|
-
|
CVE-2020-4067
|
2024-11-21 14:32 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197035
|
5.4 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is exp…
|
-
|
CVE-2020-4037
|
2024-11-21 14:32 |
2020-06-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197036
|
5.4 |
MEDIUM
Network
|
ibm
|
business_process_manager
business_automation_workflow
|
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4557
|
2024-11-21 14:32 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197037
|
7.5 |
HIGH
Network
|
ibm
|
api_connect
|
IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-4452
|
2024-11-21 14:32 |
2020-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197038
|
6.5 |
MEDIUM
Network
|
hcltech
|
notes
|
HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network…
|
NVD-CWE-noinfo
|
CVE-2020-4089
|
2024-11-21 14:32 |
2020-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197039
|
5.9 |
MEDIUM
Network
|
ibm
|
spectrum_protect_plus
|
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 1…
|
CWE-200
Information Exposure
|
CVE-2020-4565
|
2024-11-21 14:32 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197040
|
5.4 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4223
|
2024-11-21 14:32 |
2020-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
