|
215561
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_adselfservice_plus
|
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vul…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11552
|
2024-11-21 13:58 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215562
|
8.8 |
HIGH
Network
|
microfocus
|
secure_messaging_gateway
|
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user w…
|
CWE-78
OS Command
|
CVE-2020-11852
|
2024-11-21 13:58 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215563
|
5.5 |
MEDIUM
Local
|
canonical
|
whoopsie
|
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ub…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-11937
|
2024-11-21 13:58 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215564
|
6.1 |
MEDIUM
Network
|
plesk
|
onyx
|
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11584
|
2024-11-21 13:58 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215565
|
6.1 |
MEDIUM
Network
|
plesk
|
obsidian
|
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11583
|
2024-11-21 13:58 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215566
|
5.9 |
MEDIUM
Local
|
canonical
|
ubuntu_linux
|
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DI…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-11934
|
2024-11-21 13:58 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215567
|
6.8 |
MEDIUM
Physics
|
canonical
|
ubuntu_linux
snapd
|
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-d…
|
NVD-CWE-Other
|
CVE-2020-11933
|
2024-11-21 13:58 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215568
|
5.3 |
MEDIUM
Network
|
avertx
|
hd838_firmware
hd438_firmware
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. Failed web UI login attempts elicit di…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-11625
|
2024-11-21 13:58 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215569
|
9.8 |
CRITICAL
Network
|
avertx
|
hd838_firmware
hd438_firmware
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change th…
|
CWE-521
Weak Password Requirements
|
CVE-2020-11624
|
2024-11-21 13:58 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215570
|
6.8 |
MEDIUM
Physics
|
avertx
|
hd838_firmware
hd438_firmware
|
An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. An attacker with physical access to th…
|
NVD-CWE-noinfo
|
CVE-2020-11623
|
2024-11-21 13:58 |
2020-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
