| 2020-07-08 | CVE-2020-5839 | Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | Medium |
| 2020-07-08 | CVE-2020-11994 | Server-Side Template Injection and arbitrary file disclosure on Camel templating components | Medium |
| 2020-07-08 | CVE-2020-7140 | A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess | Medium |
| 2020-07-08 | CVE-2020-5764 | MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. | Medium |
| 2020-07-08 | CVE-2020-3973 | The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged. | Medium |
| 2020-07-08 | CVE-2020-11849 | Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access. | Medium |
| 2020-07-08 | CVE-2020-3931 | Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. | Medium |
| 2020-07-07 | CVE-2020-15600 | An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. | Medium |
| 2020-07-07 | CVE-2020-8916 | A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to restrict access in your debug environments. | Medium |
| 2020-07-07 | CVE-2020-15599 | Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field. | Medium |