|
209521
|
7.5 |
HIGH
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-15834
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209522
|
9.8 |
CRITICAL
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. T…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2020-15833
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209523
|
7.5 |
HIGH
Network
|
mofinetwork
|
mofi4500-4gxelte_firmware
|
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with t…
|
NVD-CWE-noinfo
|
CVE-2020-15832
|
2024-11-21 14:06 |
2021-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209524
|
9.8 |
CRITICAL
Network
|
nim-lang
|
nim
|
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
|
CWE-74
Injection
|
CVE-2020-15690
|
2024-11-21 14:06 |
2021-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209525
|
7.8 |
HIGH
Local
|
panasonic
|
fpwin_pro
|
FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code.
|
CWE-125
Out-of-bounds Read
|
CVE-2020-16236
|
2024-11-21 14:06 |
2021-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209526
|
6.1 |
MEDIUM
Network
|
quali
|
cloudshell
|
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that execute…
|
CWE-79
Cross-site Scripting
|
CVE-2020-15864
|
2024-11-21 14:06 |
2021-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209527
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
|
CWE-79
Cross-site Scripting
|
CVE-2020-16046
|
2024-11-21 14:06 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209528
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…
|
CWE-416
Use After Free
|
CVE-2020-16045
|
2024-11-21 14:06 |
2021-01-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209529
|
7.8 |
HIGH
Local
|
linux
canonical
debian
|
linux_kernel
ubuntu_linux
debian_linux
|
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ub…
|
CWE-416
Use After Free
|
CVE-2020-16119
|
2024-11-21 14:06 |
2021-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209530
|
9.8 |
CRITICAL
Network
|
siemens
|
scalance_x200-4pirt_firmware
scalance_x201-3pirt_firmware
scalance_x202-2irt_firmware
scalance_x202-2pirt_firmware
scalance_x202-2pirt_siplus_net_firmware
scalance_x204irt_firmware
…
|
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5…
|
-
|
CVE-2020-15800
|
2024-11-21 14:06 |
2021-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
