|
207941
|
9.8 |
CRITICAL
Network
|
readytalk
|
avian
|
An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operat…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-28371
|
2024-11-21 14:22 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207942
|
6.1 |
MEDIUM
Network
|
locust
|
locust
|
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.
|
CWE-79
Cross-site Scripting
|
CVE-2020-28364
|
2024-11-21 14:22 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207943
|
7.8 |
HIGH
Local
|
capasystems
|
capainstaller
|
CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges.
|
NVD-CWE-noinfo
|
CVE-2020-27977
|
2024-11-21 14:22 |
2020-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207944
|
6.1 |
MEDIUM
Network
|
mitel
|
shoretel_firmware
|
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due…
|
CWE-79
Cross-site Scripting
|
CVE-2020-28351
|
2024-11-21 14:22 |
2020-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207945
|
6.5 |
MEDIUM
Network
|
chirpstack
|
network_server
|
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCol…
|
CWE-20
Improper Input Validation
|
CVE-2020-28349
|
2024-11-21 14:22 |
2020-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207946
|
9.8 |
CRITICAL
Network
|
tp-link
|
ac1750_firmware
|
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE…
|
CWE-78
OS Command
|
CVE-2020-28347
|
2024-11-21 14:22 |
2020-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207947
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November 2020).
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-28345
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207948
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (Nove…
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-28344
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207949
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintend…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-28343
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207950
|
7.8 |
HIGH
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. The S Secure application allows attackers to bypass authentication for a locked Gallery application…
|
NVD-CWE-Other
|
CVE-2020-28342
|
2024-11-21 14:22 |
2020-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
