|
214881
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.
|
CWE-89
SQL Injection
|
CVE-2020-16267
|
2024-11-21 14:07 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214882
|
7.8 |
HIGH
Local
|
msi
|
ambientlink_mslo64_firmware
|
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
|
CWE-787
Out-of-bounds Write
|
CVE-2020-17382
|
2024-11-21 14:07 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214883
|
6.8 |
MEDIUM
Network
|
istio
|
istio
|
In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or n…
|
NVD-CWE-noinfo
|
CVE-2020-16844
|
2024-11-21 14:07 |
2020-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214884
|
6.1 |
MEDIUM
Network
|
ge
|
s2020_firmware
s2024_firmware
|
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, …
|
-
|
CVE-2020-16242
|
2024-11-21 14:07 |
2020-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214885
|
7.8 |
HIGH
Local
|
pango
|
hotspot_shield
|
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. Th…
|
CWE-59
CWE-732
Link Following
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-17365
|
2024-11-21 14:07 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214886
|
7.2 |
HIGH
Network
|
ge
|
asset_performance_management_classic
|
GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts …
|
NVD-CWE-Other
|
CVE-2020-16244
|
2024-11-21 14:07 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214887
|
5.3 |
MEDIUM
Network
|
ge
|
asset_performance_management_classic
|
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users…
|
-
|
CVE-2020-16240
|
2024-11-21 14:07 |
2020-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214888
|
7.1 |
HIGH
Local
|
philips
|
clinical_collaboration_platform
|
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2020-16247
|
2024-11-21 14:07 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214889
|
4.2 |
MEDIUM
Network
|
microsoft
|
edge
|
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory …
|
CWE-787
Out-of-bounds Write
|
CVE-2020-16884
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214890
|
7.8 |
HIGH
Local
|
microsoft
|
visual_studio_code
|
<p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. An attacker who successfully exploited the vulnerability cou…
|
NVD-CWE-noinfo
|
CVE-2020-16881
|
2024-11-21 14:07 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
