| 209571 | 4.3 | MEDIUM Network | atlassian | jira jira_software_data_center jira_server jira_data_center | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administrati… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2020-14174 | 2024-11-21 14:02 | 2020-07-13 |
| 209572 | 6.5 | MEDIUM Network | atlassian | bitbucket | Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2020-14171 | 2024-11-21 14:02 | 2020-07-10 |
| 209573 | 4.3 | MEDIUM Network | atlassian | bitbucket | Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vuln… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-14170 | 2024-11-21 14:02 | 2020-07-10 |
| 209574 | 8.8 | HIGH Network | mods-for-hesk | mods_for_hesk | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-13994 | 2024-11-21 14:02 | 2020-07-10 |
| 209575 | 7.5 | HIGH Network | mods-for-hesk | mods_for_hesk | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | CWE-89 SQL Injection | CVE-2020-13993 | 2024-11-21 14:02 | 2020-07-10 |
| 209576 | 6.1 | MEDIUM Network | mods-for-hesk | mods_for_hesk | An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Stored XSS issue allows remote unauthenticated attackers to abuse a helpdesk user's logged in session. A user with sufficient privil… | CWE-79 Cross-site Scripting | CVE-2020-13992 | 2024-11-21 14:02 | 2020-07-10 |
| 209577 | 7.5 | HIGH Network | samba fedoraproject opensuse debian canonical | samba fedora leap debian_linux ubuntu_linux | A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash. | CWE-834 Excessive Iteration | CVE-2020-14303 | 2024-11-21 14:02 | 2020-07-7 |
| 209578 | 5.4 | MEDIUM Network | atlassian | jira jira_software_data_center jira_server jira_data_center | The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Th… | CWE-79 Cross-site Scripting | CVE-2020-14173 | 2024-11-21 14:02 | 2020-07-3 |
| 209579 | 9.8 | CRITICAL Network | atlassian | jira jira_software_data_center | This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atl… | CWE-502 Deserialization of Untrusted Data | CVE-2020-14172 | 2024-11-21 14:02 | 2020-07-3 |
| 209580 | 9.8 | CRITICAL Network | ithemes | paypal_pro | The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection. | CWE-89 SQL Injection | CVE-2020-14092 | 2024-11-21 14:02 | 2020-07-3 |