|
213291
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to ga…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2020-11875
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213292
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. Attackers can bypass Factory Reset Protection (FRP). The LG ID is LVE-SMP-200004 (March 2020).
|
NVD-CWE-noinfo
|
CVE-2020-11874
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213293
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-11873
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213294
|
8.8 |
HIGH
Network
|
wpewebkit
webkitgtk
canonical
fedoraproject
opensuse
|
wpe_webkit
webkitgtk
ubuntu_linux
fedora
leap
|
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memo…
|
CWE-416
Use After Free
|
CVE-2020-11793
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213295
|
7.5 |
HIGH
Network
|
bluetrace
|
opentrace
|
The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-11872
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213296
|
7.5 |
HIGH
Network
|
ntp
redhat
netapp
debian
opensuse
|
ntp
enterprise_linux
clustered_data_ontap
virtual_storage_console
data_ontap
vasa_provider_for_clustered_data_ontap
solidfire
hci_management_node
hci_storage_node_firmware
…
|
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissi…
|
CWE-346
Origin Validation Error
|
CVE-2020-11868
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213297
|
7.5 |
HIGH
Network
|
appinghouse
|
memono
|
Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2020-11826
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213298
|
8.8 |
HIGH
Network
|
dolibarr
|
dolibarr_erp\/crm
|
In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be va…
|
CWE-352
Origin Validation Error
|
CVE-2020-11825
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213299
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. This may lead to stealing of the admin account.
|
CWE-79
Cross-site Scripting
|
CVE-2020-11823
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213300
|
9.8 |
CRITICAL
Network
|
rukovoditel
|
rukovoditel
|
Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.
|
CWE-89
SQL Injection
|
CVE-2020-11820
|
2024-11-21 13:58 |
2020-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
