|
201561
|
9.8 |
CRITICAL
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When t…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2020-35590
|
2024-11-21 14:27 |
2020-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201562
|
5.4 |
MEDIUM
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply…
|
CWE-79
Cross-site Scripting
|
CVE-2020-35589
|
2024-11-21 14:27 |
2020-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201563
|
7.5 |
HIGH
Network
|
subconverter_project
|
subconverter
|
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the …
|
NVD-CWE-Other
|
CVE-2020-35579
|
2024-11-21 14:27 |
2020-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201564
|
7.5 |
HIGH
Network
|
postsrsd_project
debian
|
postsrsd
debian_linux
|
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
|
CWE-834
Excessive Iteration
|
CVE-2020-35573
|
2024-11-21 14:27 |
2020-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201565
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. T…
|
NVD-CWE-noinfo
|
CVE-2020-35555
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201566
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).
|
NVD-CWE-Other
|
CVE-2020-35554
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201567
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a pow…
|
CWE-920
Improper Restriction of Power Consumption
|
CVE-2020-35553
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201568
|
5.3 |
MEDIUM
Network
|
google
|
android
|
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the …
|
NVD-CWE-noinfo
|
CVE-2020-35552
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201569
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB w…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-35551
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
201570
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-178…
|
NVD-CWE-noinfo
|
CVE-2020-35550
|
2024-11-21 14:27 |
2020-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
