|
196721
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the us…
|
CWE-862
Missing Authorization
|
CVE-2020-6823
|
2024-11-21 14:36 |
2020-04-25 |
|
|
|
|
196722
|
8.8 |
HIGH
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been explo…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-6822
|
2024-11-21 14:36 |
2020-04-25 |
|
|
|
|
196723
|
7.5 |
HIGH
Network
|
mozilla
|
firefox firefox_esr thunderbird
|
When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memor…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2020-6821
|
2024-11-21 14:36 |
2020-04-25 |
|
|
|
|
196724
|
8.1 |
HIGH
Network
|
mozilla
|
thunderbird firefox firefox_esr
|
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thund…
|
CWE-362
Race Condition
|
CVE-2020-6820
|
2024-11-21 14:36 |
2020-04-25 |
|
|
|
|
196725
|
8.1 |
HIGH
Network
|
mozilla
|
thunderbird firefox firefox_esr
|
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affec…
|
CWE-362 CWE-416
Race Condition Use After Free
|
CVE-2020-6819
|
2024-11-21 14:36 |
2020-04-25 |
|
|
|
|
196726
|
5.4 |
MEDIUM
Network
|
hp
|
onboard_administrator
|
A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerability could be remotely exploited to allow Reflected Cross Site Scripting. HPE has made the following …
|
CWE-79
Cross-site Scripting
|
CVE-2020-7132
|
2024-11-21 14:36 |
2020-04-24 |
|
|
|
|
196727
|
9.9 |
CRITICAL
Network
|
elementor
|
elementor_page_builder
|
An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Import Templates function, allowing an attacker to execute code via a crafted ZIP archive.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-7055
|
2024-11-21 14:36 |
2020-04-23 |
|
|
|
|
196728
|
7.8 |
HIGH
Local
|
autodesk
|
fbx_software_development_kit
|
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7085
|
2024-11-21 14:36 |
2020-04-18 |
|
|
|
|
196729
|
5.5 |
MEDIUM
Local
|
autodesk
|
fbx_software_development_kit
|
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-7084
|
2024-11-21 14:36 |
2020-04-18 |
|
|
|
|
196730
|
6.5 |
MEDIUM
Network
|
autodesk
|
fbx_software_development_kit
|
An integer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2020-7083
|
2024-11-21 14:36 |
2020-04-18 |
|
|
|