|
219111
|
7.5 |
HIGH
Network
|
woocommerce
|
nab_transact
|
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrar…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2020-11497
|
2024-11-21 13:58 |
2020-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219112
|
7.5 |
HIGH
Network
|
microfocus
|
arcsight_management_center
|
Denial of service vulnerability on Micro Focus ArcSight Management Center. Affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a den…
|
NVD-CWE-noinfo
|
CVE-2020-11848
|
2024-11-21 13:58 |
2020-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219113
|
6.7 |
MEDIUM
Local
|
spirent
|
avalanche
testcenter
|
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metac…
|
CWE-78
OS Command
|
CVE-2020-11733
|
2024-11-21 13:58 |
2020-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219114
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_adselfservice_plus
|
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vul…
|
CWE-269
Improper Privilege Management
|
CVE-2020-11552
|
2024-11-21 13:58 |
2020-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219115
|
8.8 |
HIGH
Network
|
microfocus
|
secure_messaging_gateway
|
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user w…
|
CWE-78
OS Command
|
CVE-2020-11852
|
2024-11-21 13:58 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219116
|
5.5 |
MEDIUM
Local
|
canonical
|
whoopsie
|
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ub…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-11937
|
2024-11-21 13:58 |
2020-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219117
|
6.1 |
MEDIUM
Network
|
plesk
|
onyx
|
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11584
|
2024-11-21 13:58 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219118
|
6.1 |
MEDIUM
Network
|
plesk
|
obsidian
|
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11583
|
2024-11-21 13:58 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219119
|
5.9 |
MEDIUM
Local
|
canonical
|
ubuntu_linux
|
It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DI…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-11934
|
2024-11-21 13:58 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219120
|
6.8 |
MEDIUM
Physics
|
canonical
|
ubuntu_linux
snapd
|
cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-d…
|
NVD-CWE-Other
|
CVE-2020-11933
|
2024-11-21 13:58 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
