|
213391
|
7.4 |
HIGH
Network
|
bilanc
|
bilanc
|
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-11718
|
2024-11-21 13:58 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213392
|
9.8 |
CRITICAL
Network
|
bilanc
|
bilanc
|
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.
|
CWE-89
SQL Injection
|
CVE-2020-11717
|
2024-11-21 13:58 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213393
|
3.3 |
LOW
Local
|
audacityteam
fedoraproject
|
audacity
fedora
|
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-11867
|
2024-11-21 13:58 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213394
|
9.8 |
CRITICAL
Network
|
oppo
|
ovoicemanager
|
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-11831
|
2024-11-21 13:58 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213395
|
9.8 |
CRITICAL
Network
|
oppo
|
qualityprotect
|
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.
|
NVD-CWE-noinfo
|
CVE-2020-11830
|
2024-11-21 13:58 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213396
|
9.8 |
CRITICAL
Network
|
oppo
|
coloros
|
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.
|
NVD-CWE-noinfo
|
CVE-2020-11829
|
2024-11-21 13:58 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213397
|
9.8 |
CRITICAL
Network
|
microfocus
|
arcsight_logger
|
Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitr…
|
CWE-94
Code Injection
|
CVE-2020-11851
|
2024-11-21 13:58 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213398
|
6.1 |
MEDIUM
Network
|
microfocus
|
arcsight_logger
|
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)
|
CWE-79
Cross-site Scripting
|
CVE-2020-11860
|
2024-11-21 13:58 |
2020-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213399
|
7.5 |
HIGH
Network
|
intel
|
bmc_firmware
|
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package t…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2020-11616
|
2024-11-21 13:58 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213400
|
7.5 |
HIGH
Network
|
intel
|
bmc_firmware
|
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-11615
|
2024-11-21 13:58 |
2020-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
