National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search Last 3 Months
There are 6,282 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2020-12388

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

Published: May 26, 2020; 02:15:11 PM -04:00
V3.1: 10.0 CRITICAL
    V2: 7.5 HIGH
CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Published: May 26, 2020; 02:15:10 PM -04:00
(not available)
CVE-2020-12396

Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.

Published: May 26, 2020; 01:15:10 PM -04:00
(not available)
CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Published: May 26, 2020; 01:15:10 PM -04:00
(not available)
CVE-2020-12394

A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. This vulnerability affects Firefox < 76.

Published: May 26, 2020; 01:15:10 PM -04:00
(not available)
CVE-2020-12393

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Published: May 26, 2020; 01:15:10 PM -04:00
(not available)
CVE-2020-8171

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection. It is possible to craft an input string that passes the filter check but still contains commands, resulting in remote code execution.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-8170

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-8168

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-10719

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.

Published: May 26, 2020; 12:15:12 PM -04:00
(not available)
CVE-2020-10751

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

Published: May 26, 2020; 11:15:10 AM -04:00
(not available)
CVE-2020-13487

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.

Published: May 26, 2020; 10:15:13 AM -04:00
(not available)
CVE-2020-3812

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory, without dropping its privileges first.

Published: May 26, 2020; 09:15:10 AM -04:00
(not available)
CVE-2020-3811

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.

Published: May 26, 2020; 09:15:10 AM -04:00
(not available)
CVE-2020-13486

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

Published: May 25, 2020; 07:15:09 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 5.8 MEDIUM
CVE-2020-13485

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

Published: May 25, 2020; 07:15:09 PM -04:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-13482

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Published: May 25, 2020; 06:15:09 PM -04:00
V3.1: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2020-13459

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.

Published: May 25, 2020; 01:15:09 PM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2020-13458

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.

Published: May 25, 2020; 01:15:09 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-13442

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870. An attacker can upload a PHP file via dext5handler.jsp handler because the uploaded file is stored under dext5uploadeddata/.

Published: May 25, 2020; 11:15:09 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH