Total
34125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14179 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1. | ||||
| CVE-2020-14178 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | ||||
| CVE-2020-14177 | 1 Atlassian | 1 Jira Server | 2024-11-21 | 6.5 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1. | ||||
| CVE-2020-14168 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 5.9 Medium |
| The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability. | ||||
| CVE-2020-14167 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-11-21 | 7.5 High |
| The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability. | ||||
| CVE-2020-14165 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 5.3 Medium |
| The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. | ||||
| CVE-2020-14150 | 1 Gnu | 1 Bison | 2024-11-21 | 5.5 Medium |
| GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | ||||
| CVE-2020-14131 | 1 Mi | 1 Xiaomi | 2024-11-21 | 9.8 Critical |
| The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | ||||
| CVE-2020-14129 | 1 Mi | 1 Xiaomi | 2024-11-21 | 9.8 Critical |
| A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. | ||||
| CVE-2020-14126 | 1 Mi | 1 Sound | 2024-11-21 | 7.5 High |
| Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | ||||
| CVE-2020-14114 | 1 Mi | 1 Smarthome | 2024-11-21 | 7.5 High |
| information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | ||||
| CVE-2020-14105 | 1 Mi | 2 Mi 10, Miui | 2024-11-21 | 5.5 Medium |
| The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | ||||
| CVE-2020-14103 | 1 Mi | 2 Mi 10, Miui | 2024-11-21 | 5.5 Medium |
| The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | ||||
| CVE-2020-14101 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.5 High |
| The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | ||||
| CVE-2020-14097 | 1 Mi | 2 Redmi Ax6, Redmi Ax6 Firmware | 2024-11-21 | 7.5 High |
| Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. | ||||
| CVE-2020-14058 | 4 Fedoraproject, Netapp, Redhat and 1 more | 4 Fedora, Cloud Manager, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. | ||||
| CVE-2020-14031 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 7.2 High |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). | ||||
| CVE-2020-14021 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. | ||||
| CVE-2020-14005 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 8.8 High |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | ||||
| CVE-2020-13991 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | ||||