|
210181
|
6.1 |
MEDIUM
Network
|
microfocus
|
arcsight_logger
|
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cro…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11839
|
2024-11-21 13:58 |
2020-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210182
|
8.1 |
HIGH
Network
|
mids\'_reborn_hero_designer_project
|
mids\'_reborn_hero_designer
|
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files afte…
|
CWE-345
CWE-319
Insufficient Verification of Data Authenticity
Cleartext Transmission of Sensitive Information
|
CVE-2020-11614
|
2024-11-21 13:58 |
2020-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210183
|
7.8 |
HIGH
Local
|
mids\'_reborn_hero_designer_project
|
mids\'_reborn_hero_designer
|
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group…
|
CWE-427
CWE-732
Uncontrolled Search Path Element
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-11613
|
2024-11-21 13:58 |
2020-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210184
|
7.5 |
HIGH
Network
|
arista
|
veos
cloudeos
|
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train,…
|
NVD-CWE-noinfo
|
CVE-2020-11622
|
2024-11-21 13:58 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210185
|
5.3 |
MEDIUM
Network
|
mitel
|
micollab_audio\
_web_\&_video_conferencing
|
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directo…
|
CWE-22
Path Traversal
|
CVE-2020-11798
|
2024-11-21 13:58 |
2020-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210186
|
7.5 |
HIGH
Adjacent
|
cypress
|
psoc_4.2_ble
|
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 12…
|
CWE-331
Insufficient Entropy
|
CVE-2020-11957
|
2024-11-21 13:58 |
2020-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210187
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop p…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11696
|
2024-11-21 13:58 |
2020-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210188
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop…
|
CWE-79
Cross-site Scripting
|
CVE-2020-11697
|
2024-11-21 13:58 |
2020-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210189
|
7.8 |
HIGH
Local
|
docker
|
docker_desktop
|
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a conne…
|
CWE-362
Race Condition
|
CVE-2020-11492
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210190
|
6.5 |
MEDIUM
Network
|
castel
|
nextgen_dvr_firmware
|
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this …
|
CWE-352
Origin Validation Error
|
CVE-2020-11682
|
2024-11-21 13:58 |
2020-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
