|
208661
|
5.5 |
MEDIUM
Local
|
huawei
|
honor_v30_firmware
|
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another applicati…
|
CWE-287
Improper Authentication
|
CVE-2020-1788
|
2024-11-21 14:11 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208662
|
6.0 |
MEDIUM
Local
|
huawei
|
mate_20_firmware
|
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to…
|
CWE-287
Improper Authentication
|
CVE-2020-1840
|
2024-11-21 14:11 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208663
|
7.5 |
HIGH
Network
|
apache
|
beam
|
The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables t…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-1929
|
2024-11-21 14:11 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208664
|
4.3 |
MEDIUM
Network
|
otrs
debian
|
otrs
debian_linux
|
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that…
|
NVD-CWE-Other
|
CVE-2020-1767
|
2024-11-21 14:11 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208665
|
6.1 |
MEDIUM
Network
|
otrs
debian
|
otrs
debian_linux
|
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as…
|
CWE-79
Cross-site Scripting
|
CVE-2020-1766
|
2024-11-21 14:11 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208666
|
5.3 |
MEDIUM
Network
|
otrs
debian
opensuse
|
otrs
debian_linux
leap
backports_sle
|
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue a…
|
NVD-CWE-Other
|
CVE-2020-1765
|
2024-11-21 14:11 |
2020-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208667
|
7.5 |
HIGH
Network
|
apache
|
olingo
|
Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to impleme…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2020-1925
|
2024-11-21 14:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208668
|
5.3 |
MEDIUM
Network
|
huawei
|
cloudengine_12800_firmware
s5700_firmware
s6700_firmware
|
There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attacker…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-1810
|
2024-11-21 14:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208669
|
4.6 |
MEDIUM
Physics
|
huawei
|
mate_20_pro_firmware
|
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a specia…
|
CWE-287
Improper Authentication
|
CVE-2020-1786
|
2024-11-21 14:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208670
|
4.4 |
MEDIUM
Local
|
huawei
|
honor_magic2_firmware
|
Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.175(C00E59R2P11) have an information leak vulnerability. Due to a module using weak encryption tool, an attacker with the root perm…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-1826
|
2024-11-21 14:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
