|
208231
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020).
|
CWE-20
Improper Input Validation
|
CVE-2020-26597
|
2024-11-21 14:20 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208232
|
8.8 |
HIGH
Network
|
dlink
|
dap-1360u_firmware
|
D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
|
CWE-78
OS Command
|
CVE-2020-26582
|
2024-11-21 14:20 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208233
|
7.5 |
HIGH
Network
|
wireshark
fedoraproject
debian
oracle
|
wireshark
fedora
debian_linux
zfs_storage_appliance_firmware
|
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of o…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2020-26575
|
2024-11-21 14:20 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208234
|
9.6 |
CRITICAL
Network
|
leostream
|
connection_broker
|
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins …
|
CWE-79
Cross-site Scripting
|
CVE-2020-26574
|
2024-11-21 14:20 |
2020-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208235
|
5.5 |
MEDIUM
Local
|
opensc_project
fedoraproject
debian
|
opensc
fedora
debian_linux
|
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26572
|
2024-11-21 14:20 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208236
|
5.5 |
MEDIUM
Local
|
opensc_project
debian
fedoraproject
|
opensc
debian_linux
fedora
|
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26571
|
2024-11-21 14:20 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208237
|
5.5 |
MEDIUM
Local
|
opensc_project
fedoraproject
debian
|
opensc
fedora
debian_linux
|
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-26570
|
2024-11-21 14:20 |
2020-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208238
|
9.8 |
CRITICAL
Network
|
damstratechnology
|
smart_asset
|
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding wi…
|
CWE-346
Origin Validation Error
|
CVE-2020-26527
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208239
|
5.3 |
MEDIUM
Network
|
damstratechnology
|
smart_asset
|
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid th…
|
NVD-CWE-noinfo
|
CVE-2020-26526
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208240
|
9.1 |
CRITICAL
Network
|
damstratechnology
|
smart_asset
|
Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers.
|
CWE-89
SQL Injection
|
CVE-2020-26525
|
2024-11-21 14:20 |
2020-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
