|
209021
|
9.8 |
CRITICAL
Network
|
tp-link
|
ac1750_firmware
|
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE…
|
CWE-78
OS Command
|
CVE-2020-28347
|
2024-11-21 14:22 |
2020-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209022
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-28345
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209023
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (Nove…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-28344
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209024
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintend…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28343
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209025
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application…
|
NVD-CWE-Other
|
CVE-2020-28342
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209026
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitiv…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-28341
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209027
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020…
|
NVD-CWE-noinfo
|
CVE-2020-28340
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209028
|
8.8 |
HIGH
Network
|
collne
|
welcart_e-commerce
|
The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-28339
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209029
|
5.9 |
MEDIUM
Network
|
axios
siemens
|
axios
sinec_ins
|
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-28168
|
2024-11-21 14:22 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209030
|
8.8 |
HIGH
Network
|
salesagility
|
suitecrm
|
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-28328
|
2024-11-21 14:22 |
2020-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
