CVE-2020-6579
Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter.
Source: CVE-2020-6579
CVE-2019-19219
BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.
Source: CVE-2019-19219
CVE-2019-19215
A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.
Source: CVE-2019-19215
CVE-2020-12101
The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other user’s stored addresses by manipulating an id field in the POST request for altering an address.
Source: CVE-2020-12101
CVE-2019-19220
BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).
Source: CVE-2019-19220
CVE-2020-9387
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting ‘Isolated institutions’ is turned on.
Source: CVE-2020-9387
CVE-2020-12283
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.
Source: CVE-2020-12283