|
210871
|
5.5 |
MEDIUM
Local
|
mozilla
|
firefox_esr
|
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15649
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210872
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-15648
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210873
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This…
|
CWE-200
Information Exposure
|
CVE-2020-15647
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210874
|
8.8 |
HIGH
Local
|
passmark
|
performancetest
osforensics
burnintest
|
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to r…
|
NVD-CWE-noinfo
|
CVE-2020-15480
|
2024-11-21 14:05 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210875
|
8.8 |
HIGH
Local
|
passmark
|
performancetest
osforensics
burnintest
|
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stac…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-15479
|
2024-11-21 14:05 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210876
|
8.8 |
HIGH
Network
|
cohesive
|
vns3
|
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
|
CWE-78
OS Command
|
CVE-2020-15467
|
2024-11-21 14:05 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210877
|
5.3 |
MEDIUM
Network
|
hashicorp
|
terraform_enterprise
|
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.
|
NVD-CWE-noinfo
|
CVE-2020-15511
|
2024-11-21 14:05 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210878
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequ…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-15588
|
2024-11-21 14:05 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210879
|
7.5 |
HIGH
Network
|
veeam
|
one_firmware
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. …
|
-
|
CVE-2020-15419
|
2024-11-21 14:05 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210880
|
7.5 |
HIGH
Network
|
veeam
|
one_firmware
|
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. …
|
-
|
CVE-2020-15418
|
2024-11-21 14:05 |
2020-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
