|
199721
|
6.4 |
MEDIUM
Adjacent
|
checkpoint
|
ica_management_portal
|
Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high priv…
|
CWE-20
Improper Input Validation
|
CVE-2020-6020
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199722
|
5.4 |
MEDIUM
Network
|
ignitenet
|
helios_glinq
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.
|
CWE-352
Origin Validation Error
|
CVE-2020-5783
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199723
|
6.5 |
MEDIUM
Network
|
ignitenet
|
helios_glinq
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition f…
|
NVD-CWE-noinfo
|
CVE-2020-5782
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199724
|
4.3 |
MEDIUM
Network
|
ignitenet
|
helios_glinq
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary ja…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5781
|
2024-11-21 14:34 |
2020-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199725
|
6.5 |
MEDIUM
Network
|
vmware
oracle
netapp
|
spring_framework
flexcube_private_banking
weblogic_server
insurance_rules_palette
endeca_information_discovery_integrator
retail_predictive_application_server
retail_order_broker
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depe…
|
NVD-CWE-noinfo
|
CVE-2020-5421
|
2024-11-21 14:34 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
199726
|
7.5 |
HIGH
Network
|
nvidia
|
geforce_now
games
|
NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component tr…
|
NVD-CWE-noinfo
|
CVE-2020-5976
|
2024-11-21 14:34 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199727
|
7.5 |
HIGH
Network
|
nvidia
|
geforce_now
|
NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to…
|
CWE-200
Information Exposure
|
CVE-2020-5975
|
2024-11-21 14:34 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199728
|
6.5 |
MEDIUM
Network
|
uniqlo
|
uniqlo
|
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access dest…
|
NVD-CWE-noinfo
|
CVE-2020-5629
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199729
|
6.5 |
MEDIUM
Network
|
uniqlo
|
uniqlo
|
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious w…
|
NVD-CWE-noinfo
|
CVE-2020-5628
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199730
|
6.1 |
MEDIUM
Network
|
buffalo
|
airstation_whr-g54s_firmware
|
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-5606
|
2024-11-21 14:34 |
2020-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
