|
211731
|
7.5 |
HIGH
Network
|
samba
fedoraproject
opensuse
debian
canonical
|
samba
fedora
leap
debian_linux
ubuntu_linux
|
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
|
CWE-834
Excessive Iteration
|
CVE-2020-14303
|
2024-11-21 14:02 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211732
|
5.4 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2020-14173
|
2024-11-21 14:02 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211733
|
9.8 |
CRITICAL
Network
|
atlassian
|
jira
jira_software_data_center
|
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atl…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-14172
|
2024-11-21 14:02 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211734
|
9.8 |
CRITICAL
Network
|
ithemes
|
paypal_pro
|
The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
|
CWE-89
SQL Injection
|
CVE-2020-14092
|
2024-11-21 14:02 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211735
|
5.3 |
MEDIUM
Network
|
powerdns
|
recursor
|
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
|
CWE-863
Incorrect Authorization
|
CVE-2020-14196
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211736
|
9.8 |
CRITICAL
Network
|
monstaftp
|
monsta_ftp
|
Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code exec…
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2020-14057
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211737
|
9.8 |
CRITICAL
Network
|
monstaftp
|
monsta_ftp
|
Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-14056
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211738
|
6.1 |
MEDIUM
Network
|
monstaftp
|
monsta_ftp
|
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.
|
CWE-79
Cross-site Scripting
|
CVE-2020-14055
|
2024-11-21 14:02 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211739
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
|
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
|
CWE-79
Cross-site Scripting
|
CVE-2020-14169
|
2024-11-21 14:02 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
211740
|
5.9 |
MEDIUM
Network
|
atlassian
|
jira
jira_software_data_center
jira_server
jira_data_center
|
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails…
|
NVD-CWE-noinfo
|
CVE-2020-14168
|
2024-11-21 14:02 |
2020-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
