National Vulnerability Database

Search Results

There are 136,785 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-13865

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.

Published: June 05, 2020; 06:15:12 PM -04:00
(not available)
CVE-2020-13864

The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.

Published: June 05, 2020; 06:15:12 PM -04:00
(not available)
CVE-2020-11696

In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.

Published: June 05, 2020; 06:15:11 PM -04:00
(not available)
CVE-2020-13646

In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.

Published: June 05, 2020; 05:15:12 PM -04:00
(not available)
CVE-2020-11697

In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.

Published: June 05, 2020; 05:15:12 PM -04:00
(not available)
CVE-2020-13870

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.

Published: June 05, 2020; 03:15:13 PM -04:00
(not available)
CVE-2020-13869

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.

Published: June 05, 2020; 03:15:13 PM -04:00
(not available)
CVE-2020-13868

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.

Published: June 05, 2020; 03:15:13 PM -04:00
(not available)
CVE-2020-5591

XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.

Published: June 05, 2020; 02:15:14 PM -04:00
(not available)
CVE-2020-13867

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).

Published: June 05, 2020; 02:15:13 PM -04:00
(not available)
CVE-2020-10071

The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

Published: June 05, 2020; 02:15:13 PM -04:00
(not available)
CVE-2020-10070

In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

Published: June 05, 2020; 02:15:12 PM -04:00
(not available)
CVE-2020-10068

In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

Published: June 05, 2020; 02:15:12 PM -04:00
(not available)
CVE-2020-10063

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

Published: June 05, 2020; 02:15:12 PM -04:00
(not available)
CVE-2020-10062

An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

Published: June 05, 2020; 02:15:12 PM -04:00
(not available)
CVE-2020-10061

Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.

Published: June 05, 2020; 02:15:12 PM -04:00
(not available)
CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

Published: June 05, 2020; 01:15:11 PM -04:00
(not available)
CVE-2020-8103

A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.

Published: June 05, 2020; 01:15:11 PM -04:00
(not available)
CVE-2020-4450

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.

Published: June 05, 2020; 01:15:11 PM -04:00
(not available)
CVE-2020-4449

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.

Published: June 05, 2020; 01:15:11 PM -04:00
(not available)