|
202361
|
8.8 |
HIGH
Network
|
mozilla
canonical
|
firefox_esr
thunderbird
firefox
ubuntu_linux
|
When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potential…
|
CWE-416
Use After Free
|
CVE-2020-6807
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202362
|
8.8 |
HIGH
Network
|
mozilla
canonical
|
firefox_esr
thunderbird
firefox
ubuntu_linux
|
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a poten…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-6806
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202363
|
8.8 |
HIGH
Network
|
mozilla
canonical
|
firefox_esr
thunderbird
firefox
ubuntu_linux
|
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbi…
|
CWE-416
Use After Free
|
CVE-2020-6805
|
2024-11-21 14:36 |
2020-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202364
|
6.1 |
MEDIUM
Network
|
mozilla
fedoraproject
|
bleach
fedora
|
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6816
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202365
|
6.1 |
MEDIUM
Network
|
mozilla
fedoraproject
|
bleach
fedora
|
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
|
CWE-79
Cross-site Scripting
|
CVE-2020-6802
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202366
|
9.8 |
CRITICAL
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
|
CWE-787
Out-of-bounds Write
|
CVE-2020-7007
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202367
|
7.5 |
HIGH
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptographic algorithm, which may allow confidential information to be disclosed.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2020-7001
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202368
|
7.5 |
HIGH
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive information is transmitted over some web applications in cleartext.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2020-6997
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202369
|
9.8 |
CRITICAL
Network
|
moxa
|
eds-g516e_firmware
eds-510e_firmware
|
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password requirements may allow an attacker to gain access using brute force.
|
CWE-521
Weak Password Requirements
|
CVE-2020-6991
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
202370
|
8.8 |
HIGH
Adjacent
|
honeywell
|
win-pak
|
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
|
CWE-74
Injection
|
CVE-2020-6982
|
2024-11-21 14:36 |
2020-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
