|
210881
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < …
|
NVD-CWE-noinfo
|
CVE-2020-15651
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210882
|
5.5 |
MEDIUM
Local
|
mozilla
|
firefox_esr
|
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only a…
|
NVD-CWE-noinfo
|
CVE-2020-15650
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210883
|
5.5 |
MEDIUM
Local
|
mozilla
|
firefox_esr
|
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-15649
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210884
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2020-15648
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210885
|
7.4 |
HIGH
Network
|
mozilla
|
firefox
|
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This…
|
CWE-200
Information Exposure
|
CVE-2020-15647
|
2024-11-21 14:05 |
2020-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210886
|
8.8 |
HIGH
Local
|
passmark
|
performancetest
osforensics
burnintest
|
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to r…
|
NVD-CWE-noinfo
|
CVE-2020-15480
|
2024-11-21 14:05 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210887
|
8.8 |
HIGH
Local
|
passmark
|
performancetest
osforensics
burnintest
|
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stac…
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-15479
|
2024-11-21 14:05 |
2020-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210888
|
8.8 |
HIGH
Network
|
cohesive
|
vns3
|
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.
|
CWE-78
OS Command
|
CVE-2020-15467
|
2024-11-21 14:05 |
2020-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210889
|
5.3 |
MEDIUM
Network
|
hashicorp
|
terraform_enterprise
|
HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.
|
NVD-CWE-noinfo
|
CVE-2020-15511
|
2024-11-21 14:05 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
210890
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_desktop_central
|
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequ…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2020-15588
|
2024-11-21 14:05 |
2020-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
