From DHS/US-CERT’s National Vulnerability Database
CVE-2020-15152
PUBLISHED: 2020-08-17
ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Request Forgery. The PORT command accepts arbitrary IP addresses, which can be used to make the server open a connection to another host. A possible workaround is blocking the PORT command through the configuration. This issue is fixed in version 4.3.4. …
CVE-2020-12480
PUBLISHED: 2020-08-17
In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can’t be parsed.
CVE-2020-13183
PUBLISHED: 2020-08-17
Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user’s active session if the user is exposed to a malicious payload.
CVE-2020-13933
PUBLISHED: 2020-08-17
In Apache Shiro before 1.6.0, a specially crafted HTTP request may cause an authentication bypass.
CVE-2020-1573
PUBLISHED: 2020-08-17
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS Vulnerability’. This CVE ID is unique from CVE-2020-1580.