Security Vulnerabilities - CVEs Published In July 2020
In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2020-07-01
In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
CVSS Score: 9.8 | EPSS Score: 0.007 | Published: 2020-07-01
In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
CVSS Score: 7.5 | EPSS Score: 0.011 | Published: 2020-07-01
ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2020-07-01
Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.
CVSS Score: 9.8 | EPSS Score: 0.01 | Published: 2020-07-01
The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2020-07-01
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a mixed multipart content type.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-07-01
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a vnd.wap.xhtml+xml content type.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-07-01
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in issue attachments with a rdf content type.
CVSS Score: 4.8 | EPSS Score: 0.003 | Published: 2020-07-01
Affected versions of Atlassian Confluence Server and Data Center allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros. The affected versions are before version 7.4.5, and from version 7.5.0 before 7.5.1.
CVSS Score: 4.7 | EPSS Score: 0.002 | Published: 2020-07-01



Shodan ® - All rights reserved