| 210721 | 9.8 | CRITICAL Network | google | android | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID… | CWE-787 Out-of-bounds Write | CVE-2020-11873 | 2024-11-21 13:58 | 2020-04-17 |
| 210722 | 8.8 | HIGH Network | wpewebkit webkitgtk canonical fedoraproject opensuse | wpe_webkit webkitgtk ubuntu_linux fedora leap | A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memo… | CWE-416 Use After Free | CVE-2020-11793 | 2024-11-21 13:58 | 2020-04-17 |
| 210723 | 7.5 | HIGH Network | bluetrace | opentrace | The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2020-11872 | 2024-11-21 13:58 | 2020-04-17 |
| 210724 | 7.5 | HIGH Network | ntp redhat netapp debian opensuse | ntp enterprise_linux clustered_data_ontap virtual_storage_console data_ontap vasa_provider_for_clustered_data_ontap solidfire hci_management_node hci_storage_node_firmware … | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissi… | CWE-346 Origin Validation Error | CVE-2020-11868 | 2024-11-21 13:58 | 2020-04-17 |
| 210725 | 7.5 | HIGH Network | appinghouse | memono | Users can lock their notes with a password in Memono version 3.8. Thus, users need to know a password to read notes. However, these notes are stored in a database without encryption and an attacker … | CWE-312 Cleartext Storage of Sensitive Information | CVE-2020-11826 | 2024-11-21 13:58 | 2020-04-17 |
| 210726 | 8.8 | HIGH Network | dolibarr | dolibarr_erp/crm | In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be va… | CWE-352 Origin Validation Error | CVE-2020-11825 | 2024-11-21 13:58 | 2020-04-17 |
| 210727 | 5.4 | MEDIUM Network | dolibarr | dolibarr_erp/crm | In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account. | CWE-79 Cross-site Scripting | CVE-2020-11823 | 2024-11-21 13:58 | 2020-04-17 |
| 210728 | 9.8 | CRITICAL Network | rukovoditel | rukovoditel | Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | CWE-89 SQL Injection | CVE-2020-11820 | 2024-11-21 13:58 | 2020-04-17 |
| 210729 | 9.8 | CRITICAL Network | rukovoditel | rukovoditel | In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | CWE-22 Path Traversal | CVE-2020-11819 | 2024-11-21 13:58 | 2020-04-17 |
| 210730 | 8.8 | HIGH Network | rukovoditel | rukovoditel | Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password… | CWE-352 Origin Validation Error | CVE-2020-11818 | 2024-11-21 13:58 | 2020-04-17 |