|
210621
|
5.3 |
MEDIUM
Network
|
mitel
|
micollab_audio\
_web_\&_video_conferencing
|
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directo…
|
CWE-22
Path Traversal
|
CVE-2020-11798
|
2024-11-21 13:58 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210622
|
7.5 |
HIGH
Adjacent
|
cypress
|
psoc_4.2_ble
|
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 12…
|
CWE-331
Insufficient Entropy
|
CVE-2020-11957
|
2024-11-21 13:58 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210623
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop p…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11696
|
2024-11-21 13:58 |
2020-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210624
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11697
|
2024-11-21 13:58 |
2020-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210625
|
7.8 |
HIGH
Local
|
docker
|
docker_desktop
|
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a conne…
|
CWE-362
Race Condition
|
CVE-2020-11492
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210626
|
6.5 |
MEDIUM
Network
|
castel
|
nextgen_dvr_firmware
|
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this …
|
CWE-352
Origin Validation Error
|
CVE-2020-11682
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210627
|
8.1 |
HIGH
Network
|
castel
|
nextgen_dvr_firmware
|
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP creden…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11681
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210628
|
6.5 |
MEDIUM
Network
|
castel
|
nextgen_dvr_firmware
|
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a no…
|
CWE-862
Missing Authorization
|
CVE-2020-11680
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210629
|
8.8 |
HIGH
Network
|
castel
|
nextgen_dvr_firmware
|
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitte…
|
CWE-862
Missing Authorization
|
CVE-2020-11679
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210630
|
9.8 |
CRITICAL
Network
|
microfocus
|
service_management_automation
|
Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versio…
|
CWE-863
Incorrect Authorization
|
CVE-2020-11844
|
2024-11-21 13:58 |
2020-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
