National Vulnerability Database

Search Results

There are 136,310 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-3812

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.

Published: May 26, 2020; 09:15:10 AM -04:00
(not available)
CVE-2020-3811

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.

Published: May 26, 2020; 09:15:10 AM -04:00
(not available)
CVE-2020-13486

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

Published: May 25, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

Published: May 25, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13482

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Published: May 25, 2020; 06:15:09 PM -04:00
(not available)
CVE-2020-13459

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.

Published: May 25, 2020; 01:15:09 PM -04:00
(not available)
CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.

Published: May 25, 2020; 01:15:09 PM -04:00
(not available)
CVE-2020-13442

A remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.

Published: May 25, 2020; 11:15:09 AM -04:00
(not available)
CVE-2020-5537

Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

Published: May 25, 2020; 02:15:10 AM -04:00
(not available)
CVE-2020-13440

ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.

Published: May 24, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13439

ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.

Published: May 24, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13438

ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.

Published: May 24, 2020; 07:15:09 PM -04:00
(not available)
CVE-2020-13435

SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.

Published: May 24, 2020; 06:15:10 PM -04:00
(not available)
CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Published: May 24, 2020; 06:15:10 PM -04:00
(not available)
CVE-2020-13433

Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.

Published: May 24, 2020; 06:15:10 PM -04:00
(not available)
CVE-2020-13430

Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.

Published: May 24, 2020; 02:15:10 PM -04:00
(not available)
CVE-2020-13429

legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.

Published: May 24, 2020; 02:15:10 PM -04:00
(not available)
CVE-2020-13425

TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted.

Published: May 23, 2020; 04:15:10 PM -04:00
(not available)
CVE-2020-13424

The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure.

Published: May 23, 2020; 03:15:09 PM -04:00
(not available)
CVE-2020-13417

An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.

Published: May 22, 2020; 05:15:12 PM -04:00
(not available)