|
209961
|
6.5 |
MEDIUM
Network
|
kde
|
kmail
|
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local file…
|
NVD-CWE-Other
|
CVE-2020-11880
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209962
|
6.5 |
MEDIUM
Network
|
gnome
|
evolution
|
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach …
|
NVD-CWE-Other
|
CVE-2020-11879
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209963
|
9.8 |
CRITICAL
Network
|
jitsi
|
meet
|
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-11878
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209964
|
7.5 |
HIGH
Network
|
zoom
|
meetings
|
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-11877
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209965
|
7.5 |
HIGH
Network
|
zoom
|
meetings
|
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initializa…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11876
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209966
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to ga…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-11875
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209967
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).
|
NVD-CWE-noinfo
|
CVE-2020-11874
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209968
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11873
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209969
|
8.8 |
HIGH
Network
|
wpewebkit
webkitgtk
canonical
fedoraproject
opensuse
|
wpe_webkit
webkitgtk
ubuntu_linux
fedora
leap
|
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memo…
|
CWE-416
Use After Free
|
CVE-2020-11793
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209970
|
7.5 |
HIGH
Network
|
bluetrace
|
opentrace
|
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11872
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
