|
212901
|
5.5 |
MEDIUM
Local
|
oppo
|
reno3_pro_firmware
find_x2_pro_firmware
|
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerabil…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11834
|
2024-11-21 13:58 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212902
|
5.5 |
MEDIUM
Local
|
oppo
|
reno3_pro_firmware
find_x2_pro_firmware
|
In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerabilit…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11833
|
2024-11-21 13:58 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212903
|
5.5 |
MEDIUM
Local
|
oppo
|
reno3_pro_firmware
find_x2_pro_firmware
|
In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerabili…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11832
|
2024-11-21 13:58 |
2021-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212904
|
3.8 |
LOW
Local
|
qemu
|
qemu
|
iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-11947
|
2024-11-21 13:58 |
2020-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212905
|
7.5 |
HIGH
Network
|
bilanc
|
bilanc
|
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-11719
|
2024-11-21 13:58 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212906
|
9.8 |
CRITICAL
Network
|
bilanc
|
bilanc
|
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and passwor…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-11720
|
2024-11-21 13:58 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212907
|
7.4 |
HIGH
Network
|
bilanc
|
bilanc
|
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-11718
|
2024-11-21 13:58 |
2020-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212908
|
9.8 |
CRITICAL
Network
|
bilanc
|
bilanc
|
An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities.
|
CWE-89
SQL Injection
|
CVE-2020-11717
|
2024-11-21 13:58 |
2020-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212909
|
3.3 |
LOW
Local
|
audacityteam
fedoraproject
|
audacity
fedora
|
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and…
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-11867
|
2024-11-21 13:58 |
2020-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212910
|
9.8 |
CRITICAL
Network
|
oppo
|
ovoicemanager
|
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2020-11831
|
2024-11-21 13:58 |
2020-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
