|
196771
|
5.4 |
MEDIUM
Network
|
ignitenet
|
helios_glinq
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.
|
CWE-352
Origin Validation Error
|
CVE-2020-5783
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196772
|
6.5 |
MEDIUM
Network
|
ignitenet
|
helios_glinq
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition f…
|
NVD-CWE-noinfo
|
CVE-2020-5782
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196773
|
4.3 |
MEDIUM
Network
|
ignitenet
|
helios_glinq
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5781
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196774
|
6.5 |
MEDIUM
Network
|
vmware
oracle
netapp
|
spring_framework
flexcube_private_banking
weblogic_server
insurance_rules_palette
endeca_information_discovery_integrator
retail_predictive_application_server
retail_order_broker
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depe…
|
NVD-CWE-noinfo
|
CVE-2020-5421
|
2024-11-21 14:34 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
196775
|
7.5 |
HIGH
Network
|
nvidia
|
geforce_now
games
|
NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component tr…
|
NVD-CWE-noinfo
|
CVE-2020-5976
|
2024-11-21 14:34 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196776
|
7.5 |
HIGH
Network
|
nvidia
|
geforce_now
|
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to…
|
CWE-200
Information Exposure
|
CVE-2020-5975
|
2024-11-21 14:34 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196777
|
6.5 |
MEDIUM
Network
|
uniqlo
|
uniqlo
|
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access dest…
|
NVD-CWE-noinfo
|
CVE-2020-5629
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196778
|
6.5 |
MEDIUM
Network
|
uniqlo
|
uniqlo
|
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious w…
|
NVD-CWE-noinfo
|
CVE-2020-5628
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196779
|
6.1 |
MEDIUM
Network
|
buffalo
|
airstation_whr-g54s_firmware
|
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5606
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196780
|
4.3 |
MEDIUM
Network
|
buffalo
|
airstation_whr-g54s_firmware
|
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2020-5605
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
