|
209661
|
6.1 |
MEDIUM
Network
|
ge
|
s2020_firmware
s2024_firmware
|
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, …
|
-
|
CVE-2020-16242
|
2024-11-21 14:07 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209662
|
7.8 |
HIGH
Local
|
pango
|
hotspot_shield
|
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. Th…
|
CWE-59
CWE-732
Link Following
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-17365
|
2024-11-21 14:07 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209663
|
7.2 |
HIGH
Network
|
ge
|
asset_performance_management_classic
|
GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts …
|
NVD-CWE-Other
|
CVE-2020-16244
|
2024-11-21 14:07 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209664
|
5.3 |
MEDIUM
Network
|
ge
|
asset_performance_management_classic
|
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users…
|
-
|
CVE-2020-16240
|
2024-11-21 14:07 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209665
|
7.1 |
HIGH
Local
|
philips
|
clinical_collaboration_platform
|
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-16247
|
2024-11-21 14:07 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209666
|
4.2 |
MEDIUM
Network
|
microsoft
|
edge
|
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-16884
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209667
|
7.8 |
HIGH
Local
|
microsoft
|
visual_studio_code
|
<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability cou…
|
NVD-CWE-noinfo
|
CVE-2020-16881
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209668
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_server_2019
windows_10
windows_server_2016
|
<p>An information disclosure vulnerability exists when a Windows Projected Filesystem improperly handles file redirections. An attacker who successfully exploited this vulnerability could obtain info…
|
NVD-CWE-noinfo
|
CVE-2020-16879
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209669
|
5.4 |
MEDIUM
Network
|
microsoft
|
dynamics_365
|
<p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated at…
|
CWE-79
Cross-site Scripting
|
CVE-2020-16878
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209670
|
8.4 |
HIGH
Network
|
microsoft
|
exchange_server
|
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run …
|
CWE-74
CWE-269
Injection
Improper Privilege Management
|
CVE-2020-16875
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
