|
210561
|
3.1 |
LOW
Network
|
oracle
|
retail_customer_management_and_segmentation_foundation
|
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Diffi…
|
NVD-CWE-noinfo
|
CVE-2020-14732
|
2024-11-21 14:04 |
2020-10-22 |
|
210562
|
6.1 |
MEDIUM
Network
|
linuxfoundation canonical debian
|
containerd ubuntu_linux debian_linux
|
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Sche…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-15157
|
2024-11-21 14:04 |
2020-10-17 |
|
210563
|
8.6 |
HIGH
Network
|
sonatype
|
nexus_repository_manager
|
A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on dis…
|
CWE-22
Path Traversal
|
CVE-2020-15012
|
2024-11-21 14:04 |
2020-10-13 |
|
210564
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS paylo…
|
-
|
CVE-2020-15162
|
2024-11-21 14:04 |
2020-09-25 |
|
210565
|
9.8 |
CRITICAL
Network
|
prestashop
|
prestashop
|
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8.
|
CWE-89
SQL Injection
|
CVE-2020-15160
|
2024-11-21 14:04 |
2020-09-25 |
|
210566
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject JavaScript while using the contact form. The problem is fixed in 1.7.6.8.
|
-
|
CVE-2020-15161
|
2024-11-21 14:04 |
2020-09-25 |
|
210567
|
10.0 |
CRITICAL
Network
|
yiiframework
|
yii
|
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaro…
|
-
|
CVE-2020-15148
|
2024-11-21 14:04 |
2020-09-16 |
|
210568
|
6.6 |
MEDIUM
Network
|
xwiki
|
xwiki
|
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instant…
|
CWE-74
Injection
|
CVE-2020-15171
|
2024-11-21 14:04 |
2020-09-11 |
|
210569
|
5.5 |
MEDIUM
Local
|
avast
|
antivirus
|
An issue was discovered in the Login Password feature of the Password Manager component in Avast Antivirus 20.1.5069.562. An entered password continues to be stored in Windows main memory after a log…
|
CWE-212 CWE-459
Improper Removal of Sensitive Information Before Storage or Transfer; Incomplete Cleanup
|
CVE-2020-15024
|
2024-11-21 14:04 |
2020-09-11 |
|
210570
|
6.1 |
MEDIUM
Network
|
action_view_project debian fedoraproject
|
action_view debian_linux fedora
|
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default…
|
-
|
CVE-2020-15169
|
2024-11-21 14:04 |
2020-09-12 |