|
212161
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
|
CWE-428
Unquoted Search Path or Element
|
CVE-2020-11632
|
2024-11-21 13:58 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212162
|
9.8 |
CRITICAL
Network
|
zscaler
|
client_connector
|
The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arb…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11633
|
2024-11-21 13:58 |
2021-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212163
|
5.5 |
MEDIUM
Local
|
wizconnected
|
colors_a60_firmware
|
An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials are stored in cleartext in flash memory, which presents an information-disclosure risk for a discarded or resold device.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-11924
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212164
|
5.5 |
MEDIUM
Local
|
wizconnected
|
wiz
|
An issue was discovered in WiZ Colors A60 1.14.0. API credentials are locally logged.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-11923
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212165
|
8.8 |
HIGH
Adjacent
|
luvion
|
grand_elite_3_connect_firmware
|
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the device is based on a username and password. The root credentials are the same across all devices of t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2020-11925
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212166
|
4.3 |
MEDIUM
Adjacent
|
wizconnected
|
a60_colors_firmware
|
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, i…
|
CWE-200
Information Exposure
|
CVE-2020-11922
|
2024-11-21 13:58 |
2021-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212167
|
7.8 |
HIGH
Local
|
zscaler
|
client_connector
|
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they …
|
NVD-CWE-noinfo
|
CVE-2020-11635
|
2024-11-21 13:58 |
2021-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212168
|
9.8 |
CRITICAL
Network
|
svakom
|
siime_eye_firmware
|
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the dev…
|
CWE-78
OS Command
|
CVE-2020-11920
|
2024-11-21 13:58 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212169
|
6.8 |
MEDIUM
Physics
|
svakom
|
siime_eye_firmware
|
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. By sending a set_params.cgi?telnetd=1&save=1&reboot=1 request to the webserver, it is possible to enable the telnet interface…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2020-11915
|
2024-11-21 13:58 |
2021-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212170
|
5.5 |
MEDIUM
Local
|
google
|
android
|
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforc…
|
NVD-CWE-noinfo
|
CVE-2020-11836
|
2024-11-21 13:58 |
2021-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
