Search Results (83617 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-14175 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-11-21 5.4 Medium
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2.
CVE-2020-14173 1 Atlassian 4 Jira, Jira Data Center, Jira Server and 1 more 2024-11-21 5.4 Medium
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
CVE-2020-14169 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 6.1 Medium
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
CVE-2020-14166 1 Atlassian 1 Jira Service Desk 2024-11-21 4.8 Medium
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
CVE-2020-14164 1 Atlassian 2 Jira, Jira Software Data Center 2024-11-21 6.1 Medium
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
CVE-2020-14162 1 Pi-hole 1 Pi-hole 2024-11-21 7.8 High
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command.
CVE-2020-14161 1 Thecodingmachine 1 Gotenberg 2024-11-21 6.1 Medium
It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint.
CVE-2020-14147 4 Debian, Oracle, Redislabs and 1 more 4 Debian Linux, Communications Operations Monitor, Redis and 1 more 2024-11-21 7.7 High
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
CVE-2020-14146 1 Kumbiaphp 1 Kumbiaphp 2024-11-21 5.4 Medium
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.
CVE-2020-14144 1 Gitea 1 Gitea 2024-11-21 7.2 High
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.
CVE-2020-14127 1 Mi 3 Miui, Redmi K40, Redmi Note 10 Pro 2024-11-21 7.5 High
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
CVE-2020-14125 1 Mi 3 Miui, Redmi Note 11, Redmi Note 9t 2024-11-21 7.5 High
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.
CVE-2020-14119 1 Mi 1 Ax3600 2024-11-21 9.8 Critical
There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12
CVE-2020-14109 1 Mi 2 Ax3600, Ax3600 Firmware 2024-11-21 7.2 High
There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12
CVE-2020-14107 1 Mi 1 Xiaomi Mirror Screen 2024-11-21 7.5 High
A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN.
CVE-2020-14102 1 Mi 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more 2024-11-21 7.2 High
There is command injection when ddns processes the hostname, which causes the administrator user to obtain the root privilege of the router. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26.
CVE-2020-14100 1 Mi 2 R3600, R3600 Firmware 2024-11-21 9.8 Critical
In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 interface can be bypassed, causing remote code execution. The router administrator can gain root access from this vulnerability.
CVE-2020-14099 1 Mi 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more 2024-11-21 7.5 High
On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version < 1.0.26, the encryption scheme for a user's backup files uses hard-coded keys, which can expose sensitive information such as a user's password.
CVE-2020-14095 1 Mi 2 Xiaomi R3600, Xiaomi R3600 Firmware 2024-11-21 9.8 Critical
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
CVE-2020-14094 1 Mi 2 Xiaomi R3600, Xiaomi R3600 Firmware 2024-11-21 9.8 Critical
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.