|
209921
|
4.7 |
MEDIUM
Network
|
solarwinds
|
n-central
|
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15910
|
2024-11-21 14:06 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209922
|
8.8 |
HIGH
Network
|
solarwinds
|
n-central
|
SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such a…
|
CWE-384
Session Fixation
|
CVE-2020-15909
|
2024-11-21 14:06 |
2020-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209923
|
7.2 |
HIGH
Network
|
gogs
|
gogs
|
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not …
|
NVD-CWE-noinfo
|
CVE-2020-15867
|
2024-11-21 14:06 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209924
|
4.3 |
MEDIUM
Network
|
siemens
|
desigo_insight
|
A vulnerability has been identified in Desigo Insight (All versions). Some error messages in the web application show the absolute path to the requested resource. This could allow an authenticated at…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-15794
|
2024-11-21 14:06 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209925
|
5.4 |
MEDIUM
Network
|
siemens
|
desigo_insight
|
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could al…
|
-
|
CVE-2020-15793
|
2024-11-21 14:06 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209926
|
4.3 |
MEDIUM
Network
|
siemens
|
desigo_insight
|
A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authen…
|
-
|
CVE-2020-15792
|
2024-11-21 14:06 |
2020-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209927
|
6.8 |
MEDIUM
Physics
|
siemens
|
dca_vantage_analyzer_firmware
|
A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE-2020-7590. In addition, serial numbers < 40000 running software V4.4.0 are also affected by CVE-20…
|
-
|
CVE-2020-15797
|
2024-11-21 14:06 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209928
|
9.8 |
CRITICAL
Network
|
ros
|
ros-comm
|
Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue af…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-16124
|
2024-11-21 14:06 |
2020-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209929
|
8.8 |
HIGH
Network
|
connectwise
|
automate
|
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-15838
|
2024-11-21 14:06 |
2020-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209930
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.
|
CWE-89
SQL Injection
|
CVE-2020-15927
|
2024-11-21 14:06 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
