| 211171 | 9.8 | CRITICAL Network | apache | solr | Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that… | CWE-863 Incorrect Authorization | CVE-2020-13957 | 2024-11-21 14:02 | 2020-10-14 |
| 211172 | 4.3 | MEDIUM Network | apache debian oracle | tomcat debian_linux instantis_enterprisetrack sd-wan_edge | If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation o… | NVD-CWE-noinfo | CVE-2020-13943 | 2024-11-21 14:02 | 2020-10-12 |
| 211173 | 5.4 | MEDIUM Network | atlassian | jira jira_server | Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. The affected… | CWE-79 Cross-site Scripting | CVE-2020-14184 | 2024-11-21 14:02 | 2020-10-12 |
| 211174 | 5.9 | MEDIUM Network | apache | calcite | HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connec… | CWE-295 Improper Certificate Validation | CVE-2020-13955 | 2024-11-21 14:02 | 2020-10-9 |
| 211175 | 4.3 | MEDIUM Network | atlassian | jira | Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vul… | CWE-200 Information Exposure | CVE-2020-14183 | 2024-11-21 14:02 | 2020-10-7 |
| 211176 | 6.1 | MEDIUM Network | secudos | qiata_fta | An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. | CWE-79 Cross-site Scripting | CVE-2020-14294 | 2024-11-21 14:02 | 2020-10-2 |
| 211177 | 7.5 | HIGH Network | secudos | domos | conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). | CWE-78 OS Command | CVE-2020-14293 | 2024-11-21 14:02 | 2020-10-2 |
| 211178 | 6.1 | MEDIUM Network | hcltech | digital_experience | HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. | CWE-79 Cross-site Scripting | CVE-2020-14223 | 2024-11-21 14:02 | 2020-10-2 |
| 211179 | 5.5 | MEDIUM Local | apache | nifi | In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially … | CWE-611 XXE | CVE-2020-13940 | 2024-11-21 14:02 | 2020-10-2 |
| 211180 | 8.1 | HIGH Network | apache | superset | In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated… | NVD-CWE-noinfo | CVE-2020-13952 | 2024-11-21 14:02 | 2020-10-1 |