National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,335 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2020-8170

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-8168

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-10751

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Published: May 26, 2020; 11:15:10 AM -04:00
(not available)
CVE-2020-13487

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.

Published: May 26, 2020; 10:15:13 AM -04:00
(not available)
CVE-2020-3812

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.

Published: May 26, 2020; 09:15:10 AM -04:00
(not available)
CVE-2020-3811

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.

Published: May 26, 2020; 09:15:10 AM -04:00
(not available)
CVE-2020-13486

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

Published: May 25, 2020; 07:15:09 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

Published: May 25, 2020; 07:15:09 PM -04:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-13482

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Published: May 25, 2020; 06:15:09 PM -04:00
(not available)
CVE-2020-13459

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.

Published: May 25, 2020; 01:15:09 PM -04:00
(not available)
CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.

Published: May 25, 2020; 01:15:09 PM -04:00
(not available)
CVE-2020-13442

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.

Published: May 25, 2020; 11:15:09 AM -04:00
(not available)
CVE-2020-5537

Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

Published: May 25, 2020; 02:15:10 AM -04:00
(not available)
CVE-2020-13440

ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.

Published: May 24, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13439

ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.

Published: May 24, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13438

ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.

Published: May 24, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13435

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

Published: May 24, 2020; 06:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Published: May 24, 2020; 06:15:10 PM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-13433

Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.

Published: May 24, 2020; 06:15:10 PM -04:00
(not available)