|
215061
|
5.5 |
MEDIUM
Local
|
wizconnected
|
wiz
|
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-11923
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215062
|
8.8 |
HIGH
Adjacent
|
luvion
|
grand_elite_3_connect_firmware
|
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11925
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215063
|
4.3 |
MEDIUM
Adjacent
|
wizconnected
|
a60_colors_firmware
|
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, i…
|
CWE-200
Information Exposure
|
CVE-2020-11922
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215064
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they …
|
NVD-CWE-noinfo
|
CVE-2020-11635
|
2024-11-21 13:58 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215065
|
9.8 |
CRITICAL
Network
|
svakom
|
siime_eye_firmware
|
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the dev…
|
CWE-78
OS Command
|
CVE-2020-11920
|
2024-11-21 13:58 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215066
|
6.8 |
MEDIUM
Physics
|
svakom
|
siime_eye_firmware
|
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-11915
|
2024-11-21 13:58 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215067
|
5.5 |
MEDIUM
Local
|
google
|
android
|
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforc…
|
NVD-CWE-noinfo
|
CVE-2020-11836
|
2024-11-21 13:58 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215068
|
5.5 |
MEDIUM
Local
|
oppo
|
reno3_pro_firmware
find_x2_pro_firmware
|
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11835
|
2024-11-21 13:58 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215069
|
5.5 |
MEDIUM
Local
|
oppo
|
reno3_pro_firmware
find_x2_pro_firmware
|
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerabil…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11834
|
2024-11-21 13:58 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215070
|
5.5 |
MEDIUM
Local
|
oppo
|
reno3_pro_firmware
find_x2_pro_firmware
|
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerabilit…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11833
|
2024-11-21 13:58 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
