|
215821
|
7.2 |
HIGH
Network
|
wso2
|
enterprise_integrator
|
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploade…
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2020-11885
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215822
|
5.3 |
MEDIUM
Network
|
divante
|
storefront-api
vue-storefront-api
|
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, wit…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-11883
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215823
|
6.5 |
MEDIUM
Network
|
kde
|
kmail
|
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local file…
|
NVD-CWE-Other
|
CVE-2020-11880
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215824
|
6.5 |
MEDIUM
Network
|
gnome
|
evolution
|
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach …
|
NVD-CWE-Other
|
CVE-2020-11879
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215825
|
9.8 |
CRITICAL
Network
|
jitsi
|
meet
|
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-11878
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215826
|
7.5 |
HIGH
Network
|
zoom
|
meetings
|
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-11877
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215827
|
7.5 |
HIGH
Network
|
zoom
|
meetings
|
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initializa…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11876
|
2024-11-21 13:58 |
2020-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215828
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to ga…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-11875
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215829
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).
|
NVD-CWE-noinfo
|
CVE-2020-11874
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215830
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11873
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
