|
210901
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020).
|
NVD-CWE-noinfo
|
CVE-2020-25051
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210902
|
7.5 |
HIGH
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).
|
NVD-CWE-noinfo
|
CVE-2020-25050
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210903
|
9.8 |
CRITICAL
Network
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).
|
NVD-CWE-noinfo
|
CVE-2020-25049
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210904
|
4.6 |
MEDIUM
Physics
|
google
|
android
|
An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Sa…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-25048
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210905
|
5.5 |
MEDIUM
Local
|
google
|
android
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a loc…
|
NVD-CWE-noinfo
|
CVE-2020-25047
|
2024-11-21 14:17 |
2020-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210906
|
5.3 |
MEDIUM
Network
|
easyjs
|
easywebpack-cli
|
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request.
|
CWE-22
Path Traversal
|
CVE-2020-24855
|
2024-11-21 14:16 |
2022-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210907
|
8.8 |
HIGH
Network
|
thedaylightstudio
|
fuel_cms
|
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
|
CWE-89
SQL Injection
|
CVE-2020-24950
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210908
|
8.8 |
HIGH
Network
|
xuxueli
|
xxl-job
|
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html …
|
CWE-352
Origin Validation Error
|
CVE-2020-24922
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210909
|
6.5 |
MEDIUM
Network
|
davesteele
|
gnome-gmail
|
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.
|
NVD-CWE-noinfo
|
CVE-2020-24904
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210910
|
6.1 |
MEDIUM
Network
|
lepton-cms
|
leptoncms
|
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
|
CWE-79
Cross-site Scripting
|
CVE-2020-24872
|
2024-11-21 14:16 |
2023-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
