• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

NVD-CWE-Other

CVE-2020-15768

February 26, 2023 by

An issue was discovered in Gradle Enterprise 2017.3 – 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 – 9.2. Unrestricted HTTP header reflection in Gradle Enterprise allows remote attackers to obtain authentication cookies, if they are able to discover a separate XSS vulnerability. This potentially allows an attacker to impersonate another user. Gradle Enterprise affected application request paths:/info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers. Gradle Enterprise Build Cache Node affected application request paths:/cache-node-info/headers.

CVE-2020-15687

February 26, 2023 by

Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and Denial of Service (DoS) for previously assigned PCIe devices to the Service VM at runtime.

CVE-2020-15653

February 26, 2023 by

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

CVE-2020-15662

February 26, 2023 by

A rogue webpage could override the injected WKUserScript used by the download feature, this exploit could result in the user downloading an unintended file. This vulnerability affects Firefox for iOS < 28.

CVE-2020-15665

February 26, 2023 by

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.

CVE-2020-15589

February 26, 2023 by

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 662
  • Go to page 663
  • Go to page 664
  • Go to page 665
  • Go to page 666
  • Interim pages omitted …
  • Go to page 940
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE