| 209041 | 7.8 | HIGH Local | google | android | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitiv… | CWE-120 Classic Buffer Overflow | CVE-2020-28341 | 2024-11-21 14:22 | 2020-11-8 |
| 209042 | 9.8 | CRITICAL Network | google | android | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020… | NVD-CWE-noinfo | CVE-2020-28340 | 2024-11-21 14:22 | 2020-11-8 |
| 209043 | 8.8 | HIGH Network | collne | welcart_e-commerce | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | CWE-502 Deserialization of Untrusted Data | CVE-2020-28339 | 2024-11-21 14:22 | 2020-11-8 |
| 209044 | 5.9 | MEDIUM Network | axios siemens | axios sinec_ins | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host … | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2020-28168 | 2024-11-21 14:22 | 2020-11-7 |
| 209045 | 8.8 | HIGH Network | salesagility | suitecrm | SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to … | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2020-28328 | 2024-11-21 14:22 | 2020-11-7 |
| 209046 | 5.3 | MEDIUM Network | digium sangoma | certified_asterisk asterisk | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. Upon r… | CWE-404 Improper Resource Shutdown or Release | CVE-2020-28327 | 2024-11-21 14:22 | 2020-11-7 |
| 209047 | 7.5 | HIGH Network | mit fedoraproject netapp oracle | kerberos_5 fedora cloud_backup snapcenter oncommand_workflow_automation oncommand_insight active_iq_unified_manager communications_offline_mediation_controller mysql_server | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite l… | CWE-674 Uncontrolled Recursion | CVE-2020-28196 | 2024-11-21 14:22 | 2020-11-6 |
| 209048 | 9.8 | CRITICAL Network | cellinx | nvt_web_server | Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. | NVD-CWE-Other | CVE-2020-28250 | 2024-11-21 14:22 | 2020-11-6 |
| 209049 | 6.1 | MEDIUM Network | joplin_project | joplin | Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. | CWE-79 Cross-site Scripting | CVE-2020-28249 | 2024-11-21 14:22 | 2020-11-6 |
| 209050 | 6.5 | MEDIUM Network | maxmind debian fedoraproject | libmaxminddb debian_linux fedora | libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | CWE-125 Out-of-bounds Read | CVE-2020-28241 | 2024-11-21 14:22 | 2020-11-6 |