|
209811
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).
|
NVD-CWE-noinfo
|
CVE-2020-25050
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209812
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).
|
NVD-CWE-noinfo
|
CVE-2020-25049
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209813
|
4.6 |
MEDIUM
Physics
|
google
|
android
|
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Sa…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25048
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209814
|
5.5 |
MEDIUM
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a loc…
|
NVD-CWE-noinfo
|
CVE-2020-25047
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209815
|
5.3 |
MEDIUM
Network
|
easyjs
|
easywebpack-cli
|
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.
|
CWE-22
Path Traversal
|
CVE-2020-24855
|
2024-11-21 14:16 |
2022-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209816
|
8.8 |
HIGH
Network
|
thedaylightstudio
|
fuel_cms
|
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
|
CWE-89
SQL Injection
|
CVE-2020-24950
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209817
|
8.8 |
HIGH
Network
|
xuxueli
|
xxl-job
|
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html …
|
CWE-352
Origin Validation Error
|
CVE-2020-24922
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209818
|
6.5 |
MEDIUM
Network
|
davesteele
|
gnome-gmail
|
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.
|
NVD-CWE-noinfo
|
CVE-2020-24904
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209819
|
6.1 |
MEDIUM
Network
|
lepton-cms
|
leptoncms
|
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24872
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
209820
|
6.5 |
MEDIUM
Network
|
cms-dev
|
cms
|
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2020-24804
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
