Latest Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-07-08 CVE-2020-5839 Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
Medium
2020-07-08 CVE-2020-11994 Server-Side Template Injection and arbitrary file disclosure on Camel templating components
Medium
2020-07-08 CVE-2020-7140 A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess
Medium
2020-07-08 CVE-2020-5764 MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application.
Medium
2020-07-08 CVE-2020-3973 The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.
Medium
2020-07-08 CVE-2020-11849 Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access.
Medium
2020-07-08 CVE-2020-3931 Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
Medium
2020-07-07 CVE-2020-15600 An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
Medium
2020-07-07 CVE-2020-8916 A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments.
Medium
2020-07-07 CVE-2020-15599 Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
Medium