Skip to main content
CVE-2020-3811 HIGH POC This Week

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netqmail Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-12389 CRITICAL Act Now

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2020-12388 CRITICAL Act Now

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr
NVD
CVSS 3.1
10.0
EPSS
2.7%
CVE-2020-13614 MEDIUM POC This Month

An issue was discovered in ssl.c in Axel before 2.17.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Axel Fedora Backports Sle Leap
NVD GitHub
CVSS 3.1
5.9
EPSS
1.9%
CVE-2020-6831 CRITICAL PATCH Act Now

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Mozilla Memory Corruption Firefox Firefox Esr +4
NVD
CVSS 3.1
9.8
EPSS
5.8%
CVE-2020-12390 CRITICAL Act Now

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Deserialization Firefox
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-12396 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 75. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12395 CRITICAL Act Now

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Mozilla Memory Corruption Firefox +3
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-8171 CRITICAL Act Now

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Airos
NVD
CVSS 3.1
9.8
EPSS
3.9%
CVE-2020-3812 MEDIUM POC This Month

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Information Disclosure Netqmail Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-8168 HIGH This Week

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Airos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-13487 MEDIUM POC This Month

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Bbpress
NVD
CVSS 3.1
4.8
EPSS
1.4%
CVE-2020-12387 HIGH This Week

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Denial Of Service Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2020-9046 HIGH This Week

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kantech Entrapass
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12393 HIGH This Week

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Mozilla Command Injection Firefox Firefox Esr +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2020-6830 HIGH This Week

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-12391 HIGH This Week

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-10719 MEDIUM PATCH This Month

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Undertow Oncommand Insight Fuse +5
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-8170 MEDIUM This Month

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Airos
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-10751 MEDIUM PATCH This Month

A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Selinux Enterprise Linux Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2020-13616 MEDIUM PATCH This Month

The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pichi
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-13615 MEDIUM PATCH This Month

lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Qore
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-12392 MEDIUM This Month

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Path Traversal Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-12394 LOW Monitor

A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy