|
214771
|
5.5 |
MEDIUM
Local
|
canonical
|
whoopsie
|
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ub…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-11937
|
2024-11-21 13:58 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214772
|
6.1 |
MEDIUM
Network
|
plesk
|
onyx
|
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11584
|
2024-11-21 13:58 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214773
|
6.1 |
MEDIUM
Network
|
plesk
|
obsidian
|
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11583
|
2024-11-21 13:58 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214774
|
5.9 |
MEDIUM
Local
|
canonical
|
ubuntu_linux
|
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DI…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-11934
|
2024-11-21 13:58 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214775
|
6.8 |
MEDIUM
Physics
|
canonical
|
ubuntu_linux
snapd
|
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-d…
|
NVD-CWE-Other
|
CVE-2020-11933
|
2024-11-21 13:58 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214776
|
5.3 |
MEDIUM
Network
|
avertx
|
hd838_firmware
hd438_firmware
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit di…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-11625
|
2024-11-21 13:58 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214777
|
9.8 |
CRITICAL
Network
|
avertx
|
hd838_firmware
hd438_firmware
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change th…
|
CWE-521
Weak Password Requirements
|
CVE-2020-11624
|
2024-11-21 13:58 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214778
|
6.8 |
MEDIUM
Physics
|
avertx
|
hd838_firmware
hd438_firmware
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to th…
|
NVD-CWE-noinfo
|
CVE-2020-11623
|
2024-11-21 13:58 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214779
|
9.8 |
CRITICAL
Network
|
superwebmailer
|
superwebmailer
|
SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to ex…
|
CWE-94
Code Injection
|
CVE-2020-11546
|
2024-11-21 13:58 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214780
|
7.8 |
HIGH
Local
|
gog
|
galaxy
|
In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. Af…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-11827
|
2024-11-21 13:58 |
2020-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
