|
210951
|
5.3 |
MEDIUM
Network
|
libreoffice
opensuse
|
libreoffice
leap
|
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-12801
|
2024-11-21 14:00 |
2020-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210952
|
7.2 |
HIGH
Network
|
heinekingmedia
|
stashcat
|
An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string…
|
CWE-200
Information Exposure
|
CVE-2020-13129
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210953
|
5.3 |
MEDIUM
Network
|
health
|
covidsafe
|
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identificatio…
|
CWE-269
Improper Privilege Management
|
CVE-2020-12860
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210954
|
5.3 |
MEDIUM
Network
|
health
|
covidsafe
|
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identificati…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-12859
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210955
|
7.5 |
HIGH
Network
|
health
|
covidsafe
|
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their adverti…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-12858
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210956
|
7.5 |
HIGH
Network
|
health
|
covidsafe
|
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
|
CWE-459
Incomplete Cleanup
|
CVE-2020-12857
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210957
|
9.8 |
CRITICAL
Network
|
alberta
tracetogether
health
|
abtracetogether
tracetogether
covidsafe
|
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and …
|
NVD-CWE-noinfo
|
CVE-2020-12856
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210958
|
7.5 |
HIGH
Network
|
gwtupload_project
|
gwtupload
|
An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13128
|
2024-11-21 14:00 |
2020-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210959
|
9.9 |
CRITICAL
Network
|
elementor
|
elementor_page_builder
|
An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can uploa…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-13126
|
2024-11-21 14:00 |
2020-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210960
|
6.5 |
MEDIUM
Network
|
brainstormforce
|
ultimate_addons_for_elementor
|
An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers c…
|
NVD-CWE-noinfo
|
CVE-2020-13125
|
2024-11-21 14:00 |
2020-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
