National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 day 51 min ago

CVE-2020-15475

Wed, 07/01/2020 - 07:15
In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
Categories: Security News

CVE-2020-15476

Wed, 07/01/2020 - 07:15
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
Categories: Security News

CVE-2020-15470

Wed, 07/01/2020 - 07:15
ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
Categories: Security News

CVE-2020-15468

Tue, 06/30/2020 - 23:15
Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.
Categories: Security News

CVE-2020-14169

Tue, 06/30/2020 - 22:15
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability
Categories: Security News

CVE-2020-4022

Tue, 06/30/2020 - 22:15
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
Categories: Security News

CVE-2020-4024

Tue, 06/30/2020 - 22:15
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type.
Categories: Security News

CVE-2020-4025

Tue, 06/30/2020 - 22:15
The attachment download resource in Atlassian Jira Server and Data Center The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.
Categories: Security News

CVE-2020-4027

Tue, 06/30/2020 - 22:15
Atlassian Confluence Server and Data Center before version 7.5.1 allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros.
Categories: Security News

CVE-2020-4029

Tue, 06/30/2020 - 22:15
The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.
Categories: Security News

CVE-2019-20408

Tue, 06/30/2020 - 22:15
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Categories: Security News

CVE-2020-14164

Tue, 06/30/2020 - 22:15
The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by pasting javascript code into the editor field.
Categories: Security News

CVE-2020-14165

Tue, 06/30/2020 - 22:15
The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
Categories: Security News

CVE-2020-14166

Tue, 06/30/2020 - 22:15
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via an Cross Site Scripting (XSS) vulnerability by uploading a html file.
Categories: Security News

CVE-2020-14167

Tue, 06/30/2020 - 22:15
The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via an Denial of Service (DoS) vulnerability.
Categories: Security News

CVE-2020-14168

Tue, 06/30/2020 - 22:15
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.
Categories: Security News

CVE-2020-5968

Tue, 06/30/2020 - 19:15
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Categories: Security News

CVE-2020-5969

Tue, 06/30/2020 - 19:15
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Categories: Security News

CVE-2020-5970

Tue, 06/30/2020 - 19:15
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Categories: Security News

CVE-2020-5971

Tue, 06/30/2020 - 19:15
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Categories: Security News

Pages