A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862.
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16860.
The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl parameter link in the redirect warning message.