|
209721
|
5.5 |
MEDIUM
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-25046
|
2024-11-21 14:16 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209722
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_adselfservice_plus
manageengine_exchange_reporter_plus
manageengine_ad360
manageengine_datasecurity_plus
manageengine_recovermanager_plus
manageengine_eventlog_analyzer
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before bui…
|
CWE-287
Improper Authentication
|
CVE-2020-24786
|
2024-11-21 14:16 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
209723
|
6.1 |
MEDIUM
Network
|
blubrry
|
subscribe_sidebar
|
The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2020-25033
|
2024-11-21 14:16 |
2020-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209724
|
7.5 |
HIGH
Network
|
flask-cors_project
debian
opensuse
|
flask-cors
debian_linux
leap
backports_sle
|
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathna…
|
CWE-22
Path Traversal
|
CVE-2020-25032
|
2024-11-21 14:16 |
2020-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209725
|
7.8 |
HIGH
Local
|
canonical
|
checkinstall
|
checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.
|
CWE-59
Link Following
|
CVE-2020-25031
|
2024-11-21 14:16 |
2020-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209726
|
6.1 |
MEDIUM
Network
|
osticket
|
osticket
|
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24917
|
2024-11-21 14:16 |
2020-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209727
|
8.8 |
HIGH
Network
|
kleopatra_project
fedoraproject
opensuse
|
kleopatra
fedora
leap
backports_sle
|
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line o…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2020-24972
|
2024-11-21 14:16 |
2020-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209728
|
5.3 |
MEDIUM
Network
|
premid
|
premid
|
managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.
|
CWE-862
Missing Authorization
|
CVE-2020-24928
|
2024-11-21 14:16 |
2020-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209729
|
6.5 |
MEDIUM
Network
|
stiltsoft
|
table_filter_and_charts_for_confluence_server
|
The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-24898
|
2024-11-21 14:16 |
2020-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209730
|
8.9 |
HIGH
Network
|
stiltsoft
|
table_filter_and_charts_for_confluence_server
|
The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the…
|
CWE-79
Cross-site Scripting
|
CVE-2020-24897
|
2024-11-21 14:16 |
2020-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
