|
201911
|
5.9 |
MEDIUM
Network
|
google
|
earth
|
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-8896
|
2024-11-21 14:39 |
2020-05-5 |
|
201912
|
5.3 |
MEDIUM
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveal…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2020-8792
|
2024-11-21 14:39 |
2020-05-4 |
|
201913
|
6.5 |
MEDIUM
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote attackers to submit API requests using authenticated but unauthorized tokens, resulting in IDOR issue…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-8791
|
2024-11-21 14:39 |
2020-05-4 |
|
201914
|
9.8 |
CRITICAL
Network
|
oklok_project
|
oklok
|
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak password requirements combined with improper restriction of excessive authentication attempts, which could…
|
CWE-307 CWE-521
Improper Restriction of Excessive Authentication Attempts, Weak Password Requirements
|
CVE-2020-8790
|
2024-11-21 14:39 |
2020-05-4 |
|
201915
|
8.9 |
HIGH
Network
|
pega
|
platform
|
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8775
|
2024-11-21 14:39 |
2020-04-30 |
|
201916
|
8.8 |
HIGH
Network
|
pega
|
pega_platform
|
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8774
|
2024-11-21 14:39 |
2020-04-30 |
|
201917
|
8.9 |
HIGH
Network
|
pega
|
platform
|
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2020-8773
|
2024-11-21 14:39 |
2020-04-30 |
|
201918
|
9.8 |
CRITICAL
Network
|
huawei
|
ar3200_firmware
|
Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability. Attackers need to …
|
CWE-287
Improper Authentication
|
CVE-2020-9068
|
2024-11-21 14:39 |
2020-04-28 |
|
201919
|
6.7 |
MEDIUM
Local
|
huawei
|
osd_firmware
|
Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 has a local privilege escalation vulnerability. An authenticated, local attacker can construct a specific file path to exploit this vu…
|
NVD-CWE-noinfo
|
CVE-2020-9072
|
2024-11-21 14:39 |
2020-04-28 |
|
201920
|
5.5 |
MEDIUM
Local
|
juplink
|
rx4-1500_firmware
|
httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.
|
CWE-276
Incorrect Default Permissions
|
CVE-2020-8798
|
2024-11-21 14:39 |
2020-04-24 |
|