Security Vulnerabilities - CVEs Published In July 2020
The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-07-03
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-07-03
In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
CVSS Score
2.3
EPSS Score
0.0
Published
2020-07-02
A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory traversal vulnerability in the Rack::Directory app that is bundled with Rack which could result in information disclosure.
CVSS Score
8.6
EPSS Score
0.004
Published
2020-07-02
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
CVSS Score
8.8
EPSS Score
0.907
Published
2020-07-02
A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-07-02
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-02
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
CVSS Score
4.1
EPSS Score
0.001
Published
2020-07-02
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
CVSS Score
6.5
EPSS Score
0.011
Published
2020-07-02
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
CVSS Score
8.8
EPSS Score
0.009
Published
2020-07-02