Vulnerability Summary for the Week of June 8, 2020

Released
Jun 15, 2020
Document ID
SB20-167

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
anydesk -- anydesk
 
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.2020-06-097.5CVE-2020-13160
MISC
MISC
apache -- unomi
 
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.2020-06-0510CVE-2020-11975
MISC
apple -- ios_and_ipados
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution.2020-06-097.5CVE-2020-9838
MISC
apple -- macos_catalina
 
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript.2020-06-099.3CVE-2020-9788
MISC
apple -- macos_catalina
 
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9841
MISC
apple -- macos_catalina
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9834
MISC
apple -- macos_catalina
 
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9830
MISC
apple -- macos_catalina
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9822
MISC
apple -- macos_catalina
 
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges.2020-06-099.3CVE-2020-9817
MISC
apple -- multiple_productsA logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9814
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.2020-06-097.5CVE-2020-9850
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.2020-06-097.8CVE-2020-9844
MISC
MISC
apple -- multiple_products
 
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9852
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9821
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.2020-06-099.3CVE-2020-9816
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.2020-06-097.1CVE-2020-9812
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9795
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.2020-06-099.3CVE-2020-9815
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution.2020-06-099.3CVE-2020-9793
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution.2020-06-099.3CVE-2020-9791
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.2020-06-099.3CVE-2020-9790
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.2020-06-097.1CVE-2020-9809
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.2020-06-099.3CVE-2020-9813
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.2020-06-099.3CVE-2020-9789
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.2020-06-057.2CVE-2020-9859
MISC
artica -- pandora_fms
 
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.2020-06-119CVE-2020-13855
MISC
MISC
artica -- pandora_fms
 
Artica Pandora FMS 7.44 allows privilege escalation.2020-06-1110CVE-2020-13854
MISC
MISC
artica -- pandora_fms
 
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.2020-06-119CVE-2020-13852
MISC
MISC
artica -- pandora_fms
 
Artica Pandora FMS 7.44 allows remote command execution via the events feature.2020-06-119CVE-2020-13851
MISC
MISC
citrix -- workspace_app
 
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.2020-06-087.2CVE-2020-13885
MISC
CONFIRM
citrix -- workspace_app
 
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.2020-06-087.2CVE-2020-13884
MISC
CONFIRM
docker -- docker_desktop
 
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.2020-06-057.2CVE-2020-11492
MISC
MISC
facade -- ignitionThe Ignition page before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env.2020-06-077.5CVE-2020-13909
MISC
MISC
google -- android
 
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1476063472020-06-107.2CVE-2020-0114
MISC
google -- android
 
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-1500384282020-06-107.2CVE-2020-0115
MISC
google -- android
 
In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1395329772020-06-117.2CVE-2020-0165
MISC
google -- android
 
In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1413314052020-06-117.5CVE-2020-0217
MISC
google -- android
 
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-1511551942020-06-1010CVE-2020-0117
MISC
huawei -- multiple_products
 
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.2020-06-087.5CVE-2020-9099
MISC
ibm -- websphere_application_server
 
IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228.2020-06-0510CVE-2020-4448
XF
CONFIRM
MISC
ibm -- websphere_application_server
 
IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231.2020-06-0510CVE-2020-4450
XF
CONFIRM
MISC
ibm -- worklight/mobilefoundation
 
IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211.2020-06-057.5CVE-2020-4229
XF
CONFIRM
lg -- multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).2020-06-0510CVE-2020-13839
CONFIRM
lg -- multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).2020-06-0510CVE-2020-13841
CONFIRM
lg -- multiple_mobile_devices
 
An issue was disefscovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).2020-06-057.5CVE-2020-13840
CONFIRM
microsoft -- chakracore_and_edge_(edgehtml-based)A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.2020-06-099.3CVE-2020-1073
MISC
microsoft -- internet_explorer_9_and_11A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260.2020-06-097.6CVE-2020-1230
MISC
microsoft -- internet_explorer_9_and_11A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.2020-06-097.6CVE-2020-1214
MISC
microsoft -- internet_explorer_9_and_11A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.2020-06-097.6CVE-2020-1215
MISC
microsoft -- internet_explorer_9_and_11A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260.2020-06-097.6CVE-2020-1216
MISC
microsoft -- internet_explorer_9_and_11
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260.2020-06-097.6CVE-2020-1213
MISC

microsoft -- multiple_products

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.2020-06-097.2CVE-2020-1170
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.2020-06-097.2CVE-2020-1163
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.2020-06-097.2CVE-2020-1247
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310.2020-06-097.2CVE-2020-1251
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'.2020-06-097.2CVE-2020-1254
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310.2020-06-097.2CVE-2020-1253
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253.2020-06-097.2CVE-2020-1310
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310.2020-06-097.2CVE-2020-1207
MISC
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-097.2CVE-2020-0986
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915.2020-06-097.2CVE-2020-0916
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916.2020-06-097.2CVE-2020-0915
MISC
microsoft -- multiple_windows_products
 
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208.2020-06-099.3CVE-2020-1236
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-097.2CVE-2020-1246
MISC
microsoft -- windows_10_and_windows_server
 
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.2020-06-099.3CVE-2020-1248
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.2020-06-097.2CVE-2020-1197
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-097.2CVE-2020-1266
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.2020-06-097.1CVE-2020-1283
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.2020-06-097.2CVE-2020-1258
MISC
perl -- perl
 
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.2020-06-057.5CVE-2020-10543
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
perl -- perl
 
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.2020-06-057.5CVE-2020-10878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
GENTOO
CONFIRM
qbik -- wingate
 
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.2020-06-087.2CVE-2020-13866
MISC
MISC
FULLDISC
targetcli-fb -- targetcli-fb
 
Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).2020-06-057.5CVE-2020-13867
MISC

tibco -- managed_file_transfer_platform_server_for_ibm_i

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.2020-06-0910CVE-2020-9412
CONFIRM
CONFIRM

tibco -- managed_file_transfer_platform_server_for_ibm_i

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.2020-06-099.3CVE-2020-9411
CONFIRM
CONFIRM
wordpress -- wordpress
 
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.2020-06-087.5CVE-2020-12800
MISC
CONFIRM
zephyrproject -- zephyr
 
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.2020-06-057.5CVE-2020-10062
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.2020-06-057.5CVE-2020-10071
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
 
In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.2020-06-057.5CVE-2020-10070
MISC
MISC
MISC
MISC
zoom -- zoom_client
 
An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.2020-06-087.5CVE-2020-6109
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Produ-t4jra9i0r3OJI{ct
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- ios_and_ipados
 
An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing.2020-06-095CVE-2020-9835
MISC
apple -- ios_and_ipados
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system.2020-06-095CVE-2020-9820
MISC
apple -- ios_and_ipados
 
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state.2020-06-095CVE-2020-9823
MISC
apple -- macos_catalina
 
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.2020-06-094.6CVE-2020-9855
MISC
apple -- macos_catalina
 
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic.2020-06-094.9CVE-2020-9804
MISC
apple -- macos_catalina
 
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.2020-06-094.6CVE-2020-9856
MISC
apple -- macos_catalina
 
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings.2020-06-095CVE-2020-9824
MISC
apple -- macos_catalina
 
A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory.2020-06-094.9CVE-2020-9833
MISC
apple -- macos_catalina
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.2020-06-094.3CVE-2020-9831
MISC
apple -- macos_catalina
 
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.2020-06-094.3CVE-2020-9851
MISC
apple -- macos_catalina
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout.2020-06-094.3CVE-2020-9832
MISC
apple -- macos_catalina
 
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.2020-06-094.3CVE-2020-3882
MISC
apple -- macos_catalina
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.2020-06-096.8CVE-2020-9847
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.2020-06-095CVE-2020-9837
MISC
MISC
MISC
apple -- multiple_products
 
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.2020-06-094.3CVE-2020-9811
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service.2020-06-094.3CVE-2020-9829
MISC
MISC
MISC
apple -- multiple_products
 
This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements.2020-06-094.3CVE-2020-9842
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.2020-06-095.8CVE-2020-9808
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.2020-06-095.8CVE-2020-9794
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.2020-06-095CVE-2020-9827
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.2020-06-095CVE-2020-9826
MISC
MISC
apple -- multiple_products
 
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.2020-06-094.3CVE-2020-9843
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.2020-06-095.1CVE-2020-9839
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout.2020-06-094.3CVE-2020-9797
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.2020-06-096.8CVE-2020-9818
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.2020-06-096.8CVE-2020-9806
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.2020-06-096.8CVE-2020-9800
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences.2020-06-096.8CVE-2020-9825
MISC
MISC
apple -- multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.2020-06-094.3CVE-2020-9805
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.2020-06-096.8CVE-2020-9802
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.2020-06-096.8CVE-2020-9803
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.2020-06-096.8CVE-2020-9807
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption.2020-06-094.3CVE-2020-9819
MISC
MISC
MISC
MISC
apple -- safari
 
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.2020-06-094.6CVE-2020-9801
MISC
artica -- pandora_fms
 
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.2020-06-115CVE-2020-13850
MISC
MISC
bolt -- bolt
 
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1.2020-06-084.3CVE-2020-4041
MISC
MISC
CONFIRM
bolt -- bolt
 
Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.12020-06-084.3CVE-2020-4040
MISC
MISC
CONFIRM
combodo -- itop
 
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.2020-06-054.3CVE-2020-11697
CONFIRM
CONFIRM
combodo -- itop
 
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.2020-06-054.3CVE-2020-11696
CONFIRM
CONFIRM
couchbase -- couchbase_server
 
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.2020-06-086.8CVE-2020-9042
CONFIRM
couchbase -- couchbase_server_and_couchbase_sync_gateway
 
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.2020-06-085CVE-2020-9041
CONFIRM
couchbase -- couchbase_server_java_sdk
 
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.2020-06-085CVE-2020-9040
CONFIRM
craft -- craft_cms
 
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.2020-06-054.3CVE-2020-13868
MISC
d-link -- multiple_devices
 
D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.2020-06-085CVE-2020-13960
MISC
dext5 -- dext5
 
handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.2020-06-075CVE-2020-13894
MISC
ffmpeg -- ffmpeg
 
FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c.2020-06-074.3CVE-2020-13904
MISC
MISC
freedesktop -- dbus
 
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.2020-06-084.9CVE-2020-12049
CONFIRM
MISC
MISC
MISC
MISC
google -- android
 
In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1247713642020-06-116.8CVE-2020-0160
MISC
google -- android
 
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1452067632020-06-114.6CVE-2020-0210
MISC
google -- android
 
In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1402375922020-06-114.6CVE-2020-0124
MISC
google -- android
 
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1452068422020-06-114.6CVE-2020-0209
MISC
google -- android
 
In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1397335432020-06-114.6CVE-2020-0153
MISC
google -- android
 
In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1422803292020-06-114.6CVE-2020-0150
MISC
google -- android
 
In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1397363862020-06-114.6CVE-2020-0155
MISC
google -- android
 
In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1200784552020-06-114.6CVE-2020-0136
MISC
google -- android
 
In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1446869612020-06-114.3CVE-2020-0195
MISC
google -- android
 
In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1452070982020-06-114.6CVE-2020-0208
MISC
google -- android
 
In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-1509449132020-06-104.9CVE-2020-0113
MISC
google -- android
 
In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1513308092020-06-104.9CVE-2020-0116
MISC
google -- android
 
In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1509046942020-06-106.9CVE-2020-0118
MISC
google -- android
 
In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1239409192020-06-115CVE-2020-0128
MISC
google -- android
 
In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1419202892020-06-114.6CVE-2020-0137
MISC
google -- android
 
In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1232920102020-06-114.6CVE-2020-0129
MISC
google -- android
 
In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1355322892020-06-114.3CVE-2020-0207
MISC
google -- android
 
In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1464357612020-06-115CVE-2020-0142
MISC
google -- android
 
In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1445954882020-06-114.3CVE-2020-0193
MISC
google -- android
 
In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-797024842020-06-115CVE-2020-0176
MISC
google -- android
 
In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1446870802020-06-114.3CVE-2020-0192
MISC
google -- android
 
In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1405614842020-06-114.3CVE-2020-0191
MISC
google -- android
 
In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1428617382020-06-114.3CVE-2020-0180
MISC
google -- android
 
In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1245268602020-06-114.6CVE-2020-0166
MISC
google -- android
 
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1228360812020-06-114.6CVE-2020-0219
MISC
google -- android
 
In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1460532152020-06-115CVE-2020-0140
MISC
google -- android
 
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1450750762020-06-115CVE-2020-0181
MISC
google -- android
 
In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1402922642020-06-115CVE-2020-0214
MISC
google -- android
 
In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1294751002020-06-114.3CVE-2020-0167
MISC
google -- android
 
In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1245255152020-06-114.3CVE-2020-0163
MISC
google -- android
 
In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1245269592020-06-114.3CVE-2020-0162
MISC
google -- android
 
In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1279735502020-06-114.3CVE-2020-0161
MISC
goole -- android
 
In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1397408142020-06-114CVE-2020-0157
MISC
hesk -- hesk
 
HESK before 3.1.10 allows reflected XSS.2020-06-074.3CVE-2020-13897
MISC
huawei -- multiple_devices
 
Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones.2020-06-055CVE-2020-9074
MISC
huawei -- multiple_products
 
Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal.2020-06-054CVE-2020-1883
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713.2020-06-086.5CVE-2020-4529
XF
CONFIRM
ibm -- websphere_application_server
 
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230.2020-06-055CVE-2020-4449
XF
CONFIRM
MISC
imagemagik -- imagemagik
 
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.2020-06-075.8CVE-2020-13902
MISC
lg -- multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).2020-06-054.6CVE-2020-13842
CONFIRM
lg -- multiple_mobile_devices
 
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).2020-06-054.9CVE-2020-13843
CONFIRM
libreoffice -- libreoffice
 
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.2020-06-084.3CVE-2020-12803
MISC
libreoffice -- libreoffice
 
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.2020-06-084.3CVE-2020-12802
MISC
microsoft -- multiple_productsAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.2020-06-094.6CVE-2020-1278
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-094.6CVE-2020-1264
MISC
microsoft -- multiple_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.2020-06-094.6CVE-2020-1293
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.2020-06-094.6CVE-2020-1257
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'.2020-06-096.8CVE-2020-1212
MISC
microsoft -- multiple_windows_products
 
A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'.2020-06-094.9CVE-2020-1194
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.2020-06-096.5CVE-2020-1255
MISC
microsoft -- multiple_windows_products
 
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.2020-06-096.8CVE-2020-1239
MISC
MISC

microsoft -- sharepoint_enterprise_server_2013_and_2016_and_sharepoint_server_2010_and_2019

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.2020-06-096.5CVE-2020-1181
MISC
MISC
microsoft -- sharepoint_server
 
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.2020-06-096.5CVE-2020-1178
MISC

microsoft -- windows_10_and_windows_server

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-094.6CVE-2020-1273
MISC

microsoft -- windows_10_and_windows_server

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1244.2020-06-094.9CVE-2020-1120
MISC

microsoft -- windows_10_and_windows_server

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-094.6CVE-2020-1275
MISC

microsoft -- windows_10_and_windows_server

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.2020-06-094.6CVE-2020-1265
MISC

microsoft -- windows_10_and_windows_server

An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.2020-06-096.8CVE-2020-1209
MISC

microsoft -- windows_10_and_windows_server

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'.2020-06-095CVE-2020-1206
MISC
MISC
microsoft -- windows_10_and_windows_server
 
A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service Vulnerability'.2020-06-094.3CVE-2020-1284
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'.2020-06-096.8CVE-2020-1241
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1120.2020-06-095.8CVE-2020-1244
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'.2020-06-096.8CVE-2020-1211
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.2020-06-096.8CVE-2020-1235
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.2020-06-094.3CVE-2020-1232
MISC
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239.2020-06-096.8CVE-2020-1238
MISC
MISC
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'.2020-06-096.8CVE-2020-1217
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-094.6CVE-2020-1274
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1307, CVE-2020-1316.2020-06-094.6CVE-2020-1276
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-096.8CVE-2020-1237
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1324.2020-06-094.6CVE-2020-1162
MISC
mumble -- mumble
 
Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)2020-06-095CVE-2020-13962
MISC
MISC
MISC
nagios -- nagios
 
Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files.2020-06-094CVE-2020-13977
MISC
MISC
MISC
nextcloud -- talk
 
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.2020-06-086.5CVE-2020-8180
MISC
MISC
node.js -- node.js
 
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.2020-06-085.8CVE-2020-8172
MISC
MISC
opensearch -- opensearch_web_browser
 
OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated]2020-06-085.8CVE-2020-8954
MISC
MISC
otrs -- open_ticket_request_systemBCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions.2020-06-084.3CVE-2020-1775
MISC
owasp -- json-sanitizer
 
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.2020-06-094.3CVE-2020-13973
MISC
pam_tacplus -- pam_tacplus
 
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.2020-06-064.3CVE-2020-13881
MLIST
MISC
MISC
MLIST
pengutronix -- barebox
 
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.2020-06-076.4CVE-2020-13910
MISC
perl -- perl
 
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.2020-06-055CVE-2020-12723
CONFIRM
CONFIRM
CONFIRM
MISC
MISC
GENTOO
CONFIRM
phpmailer -- phpmailer
 
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.2020-06-085CVE-2020-13625
CONFIRM
CONFIRM
MLIST
prisma -- graphql_playground
 
GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13.2020-06-084.3CVE-2020-4038
MISC
MISC
CONFIRM
pydio -- cells
 
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.2020-06-055.8CVE-2020-12848
MISC
MISC
MISC
realtek -- adsl/pon_modern_soc_devices
 
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.2020-06-086.5CVE-2020-12773
MISC
roundcube -- webmail
 
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.2020-06-094.3CVE-2020-13965
MISC
MISC
MISC
MISC
CONFIRM
DEBIAN
roundcube -- webmail
 
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.2020-06-094.3CVE-2020-13964
MISC
MISC
MISC
CONFIRM
DEBIAN
solarwinds -- advanced_monitoring_agent
 
SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file.2020-06-076CVE-2020-13912
MISC
sqlite -- sqlite
 
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.2020-06-065CVE-2020-13871
MISC
MISC
MISC
swift_networks -- red_cheetahIn the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.2020-06-056.1CVE-2020-13646
MISC
videolan -- vlc_media_player
 
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.2020-06-086.8CVE-2020-13428
MISC
MISC
CONFIRM
whitesource -- application_vulnerability_management
 
The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries.2020-06-085CVE-2020-5304
MISC
MISC
wordpress -- wordpress
 
The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter.2020-06-104.3CVE-2020-14010
MISC
ws02 -- multiple_products
 
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.2020-06-066.5CVE-2020-13883
MISC
xack -- xack_dns
 
XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack.2020-06-055CVE-2020-5591
MISC
MISC
zephyrproject -- zephyr
 
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.2020-06-055.8CVE-2020-10061
MISC
MISC
MISC
MISC
MISC
MISC
zepthyr_project -- zephyr
 
A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.2020-06-055CVE-2020-10063
MISC
MISC
MISC
MISC
MISC
MISC
zoom -- zoom_client
 
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.2020-06-086.8CVE-2020-6110
MISC

Back to top0-tw-0itw

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
angular -- angular.js
 
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.2020-06-083.5CVE-2020-7676
MISC
MISC
MISC
apple -- ios_and_ipados
 
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.2020-06-092.1CVE-2020-9848
MISC
apple -- multiple_products
 
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A USB device may be able to cause a denial of service.2020-06-092.1CVE-2020-9792
MISC
MISC
arm -- arm8-a_coreArm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."2020-06-082.1CVE-2020-13844
CONFIRM
CONFIRM
MISC
CONFIRM
CONFIRM
artica -- pandora_fms
 
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.2020-06-113.5CVE-2020-13853
MISC
MISC
bitdefender -- antivirus_free
 
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.2020-06-053.6CVE-2020-8103
CONFIRM
bludit -- bluditshowAlert() in the administration panel in Bludit 3.12.0 allows XSS.2020-06-063.5CVE-2020-13889
MISC
craft -- craft_cmsAn issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.2020-06-053.5CVE-2020-13869
MISC
craft -- craft_cmsAn issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.2020-06-053.5CVE-2020-13870
MISC
enhancesoft -- osticket
 
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.2020-06-103.5CVE-2020-14012
MISC
google -- android
 
In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1425440892020-06-112.1CVE-2020-0149
MISC
google -- android
 
In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1415471282020-06-112.1CVE-2020-0158
MISC
google -- android
 
In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1415509192020-06-112.1CVE-2020-0154
MISC
google -- android
 
In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1331643842020-06-112.1CVE-2020-0151
MISC
google -- android
 
In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1394738162020-06-112.1CVE-2020-0132
MISC
google -- android
 
In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1426384922020-06-112.1CVE-2020-0148
MISC
google -- android
 
In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1426383922020-06-112.1CVE-2020-0147
MISC
google -- android
 
In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1425465612020-06-112.1CVE-2020-0146
MISC
google -- android
 
In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1425440792020-06-112.1CVE-2020-0145
MISC
google -- android
 
In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1455972772020-06-112.1CVE-2020-0143
MISC
google -- android
 
In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1397361272020-06-112.1CVE-2020-0156
MISC
google -- android
 
In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1459921592020-06-112.1CVE-2020-0152
MISC
google -- android
 
In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1397361252020-06-112.1CVE-2020-0164
MISC
google -- android
 
In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1485173832020-06-112.1CVE-2020-0187
MISC
google -- android
 
In getAllConfigFlags of SettingsProvider.cpp, there is a possible illegal read due to a missing permission check. This could lead to local information disclosure of config flags with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1432993982020-06-112.1CVE-2020-0178
MISC
google -- android
 
In connect() of PanService.java, there is a possible permissions bypass. This could lead to local escalation of privilege to change network connection settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1262063532020-06-112.1CVE-2020-0177
MISC
google -- android
 
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1481807662020-06-102.1CVE-2020-0121
MISC
google -- android
 
In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1407680352020-06-113.5CVE-2020-0159
MISC
google -- android
 
In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1460527712020-06-112.1CVE-2020-0134
MISC
google -- android
 
In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. System execution privileges are needed and user interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1455204712020-06-112.1CVE-2020-0139
MISC
google -- android
 
In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1509498372020-06-112.1CVE-2020-0135
MISC
google -- android
 
In InitDataParser::parsePssh of InitDataParser.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1373703792020-06-112.1CVE-2020-0197
MISC
google -- android
 
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-799451522020-06-112.1CVE-2020-0185
MISC
google -- android
 
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1471409172020-06-112.1CVE-2020-0182
MLIST
MISC
google -- android
 
In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1425434972020-06-112.1CVE-2020-0144
MISC
huawei -- multiple_smartphones
 
Some Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. The affected products and versions are: ALP-AL00B Versions earlier than 9.0.0.181(C00E87R2P20T8) ALP-L09 Versions earlier than 9.0.0.201(C432E4R1P9) ALP-L29 Versions earlier than 9.0.0.177(C185E2R1P12T8), Versions earlier than 9.0.0.195(C636E2R1P12) Anne-AL00 Versions earlier than 8.0.0.168(C00) BLA-AL00B Versions earlier than 9.0.0.181(C00E88R2P15T8) BLA-L09C Versions earlier than 9.0.0.177(C185E2R1P13T8), Versions earlier than 9.0.0.206(C432E4R1P11) BLA-L29C Versions earlier than 9.0.0.179(C576E2R1P7T8), Versions earlier than 9.0.0.194(C185E2R1P13), Versions earlier than 9.0.0.206(C432E4R1P11), Versions earlier than 9.0.0.210(C635E4R1P13) Berkeley-AL20 Versions earlier than 9.0.0.156(C00E156R2P14T8) Berkeley-L09 Versions earlier than 8.0.0.172(C432), Versions earlier than 8.0.0.173(C636) Emily-L29C Versions earlier than 9.0.0.159(C185E2R1P12T8), Versions earlier than 9.0.0.159(C461E2R1P11T8), Versions earlier than 9.0.0.160(C432E7R1P11T8), Versions earlier than 9.0.0.165(C605E2R1P12), Versions earlier than 9.0.0.168(C636E7R1P13T8), Versions earlier than 9.0.0.168(C782E3R1P11T8), Versions earlier than 9.0.0.196(C635E2R1P11T8) Figo-L03 Versions earlier than 9.1.0.130(C605E6R1P5T8) Figo-L21 Versions earlier than 9.1.0.130(C185E6R1P5T8), Versions earlier than 9.1.0.130(C635E6R1P5T8) Figo-L23 Versions earlier than 9.1.0.130(C605E6R1P5T8) Figo-L31 Versions earlier than 9.1.0.130(C432E8R1P5T8) Florida-L03 Versions earlier than 9.1.0.121(C605E5R1P1T8) Florida-L21 Versions earlier than 8.0.0.129(C605), Versions earlier than 8.0.0.131(C432), Versions earlier than 8.0.0.132(C185) Florida-L22 Versions earlier than 8.0.0.132(C636) Florida-L23 Versions earlier than 8.0.0.144(C605) HUAWEI P smart Versions earlier than 9.1.0.130(C185E6R1P5T8), Versions earlier than 9.1.0.130(C605E6R1P5T8) HUAWEI P smart, HUAWEI Y7s Versions earlier than 9.1.0.124(C636E6R1P5T8) HUAWEI P20 lite Versions earlier than 8.0.0.148(C635), Versions earlier than 8.0.0.155(C185), Versions earlier than 8.0.0.155(C605), Versions earlier than 8.0.0.156(C605), Versions earlier than 8.0.0.157(C432) HUAWEI nova 3e, HUAWEI P20 lite Versions earlier than 8.0.0.147(C461), Versions earlier than 8.0.0.148(ZAFC185), Versions earlier than 8.0.0.160(C185), Versions earlier than 8.0.0.160(C605), Versions earlier than 8.0.0.168(C432), Versions earlier than 8.0.0.172(C636) Honor View 10 Versions earlier than 9.0.0.202(C567E6R1P12T8) Leland-AL00A Versions earlier than 8.0.0.182(C00) Leland-L21A Versions earlier than 8.0.0.135(C185), Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L22A Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L22C Versions earlier than 9.1.0.118(C636E4R1P1T8) Leland-L31A Versions earlier than 8.0.0.139(C432)2020-06-082.1CVE-2019-19412
CONFIRM
microsoft -- edge_(edgehtml-based)
 
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.2020-06-092.6CVE-2020-1242
MISC

microsoft -- multiple_sharepoint_products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.2020-06-093.5CVE-2020-1297
MISC
microsoft -- multiple_sharepoint_productsA cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1320.2020-06-093.5CVE-2020-1318
MISC
microsoft -- multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318.2020-06-093.5CVE-2020-1320
MISC
microsoft -- multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.2020-06-093.5CVE-2020-1177
MISC
microsoft -- multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.2020-06-093.5CVE-2020-1183
MISC
microsoft -- multiple_sharepoint_products
 
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1177, CVE-2020-1183, CVE-2020-1297, CVE-2020-1318, CVE-2020-1320.2020-06-093.5CVE-2020-1298
MISC
microsoft -- multiple_windows_products
 
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.2020-06-092.1CVE-2020-1160
MISC

microsoft -- sharepoint_enterprise_server 2013_and_2016_and_sharepoint_server_2010_and_2019

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289.2020-06-093.5CVE-2020-1148
MISC
microsoft -- sharepoint_foundation_2010
 
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1148.2020-06-093.5CVE-2020-1289
MISC
microsoft -- windows_10_and_windows_server
 
An information disclosure vulnerability exists when a Windows service improperly handles objects in memory, aka 'Windows Service Information Disclosure Vulnerability'.2020-06-092.1CVE-2020-1268
MISC
neon -- neonThe Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.2020-06-063.5CVE-2020-13890
MISC
pydio -- cellsPydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.2020-06-053.5CVE-2020-12849
MISC
MISC
MISC
royal_apps -- royal_ts
 
Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.2020-06-093.3CVE-2020-13872
MISC
FULLDISC
MISC
wordpress -- wordpress
 
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.2020-06-053.5CVE-2020-13864
MISC
wordpress -- wordpress
 
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.2020-06-053.5CVE-2020-13865
MISC
wordpress -- wordpress
 
The SportsPress plugin before 2.7.2 for WordPress allows XSS.2020-06-093.5CVE-2020-13892
MISC
your_online_shop -- your_online_shop
 
Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a Change Name or Change Surname operation.2020-06-093.5CVE-2020-13911
MISC
zephyrproject -- zephyr
 
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.2020-06-053.3CVE-2020-10068
MISC
MISC
MISC
MISC
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- experience_managerAdobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-12not yet calculatedCVE-2020-9645
CONFIRM
adobe -- experience_managerAdobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-12not yet calculatedCVE-2020-9647
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-12not yet calculatedCVE-2020-9651
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-12not yet calculatedCVE-2020-9643
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-12not yet calculatedCVE-2020-9644
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-12not yet calculatedCVE-2020-9648
CONFIRM
adobe -- flash_player
 
Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-12not yet calculatedCVE-2020-9633
CONFIRM
GENTOO
adobe -- framemaker
 
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-12not yet calculatedCVE-2020-9636
CONFIRM
adobe -- framemaker
 
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-12not yet calculatedCVE-2020-9634
CONFIRM
adobe -- framemaker
 
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-12not yet calculatedCVE-2020-9635
CONFIRM
apache -- karaf
 
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.2020-06-12not yet calculatedCVE-2020-11980
MISC
apple -- windows_migration_assistant
 
A dynamic library loading issue was addressed with improved path searching. This issue is fixed in Windows Migration Assistant 2.2.0.0 (v. 1A11). Running the installer in an untrusted directory may result in arbitrary code execution.2020-06-09not yet calculatedCVE-2020-9858
MISC
arista -- cloud_eos_vm/veos
 
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.2020-06-10not yet calculatedCVE-2020-11622
MISC
CONFIRM
cd-messenger -- cd-messenger
 
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `color` argument executed by the `eval` function resulting in code execution.2020-06-10not yet calculatedCVE-2020-7675
MISC

ciphermail -- community_gateway_and_professional/enterprise_gateway_and_webmail_messenger

An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account.2020-06-11not yet calculatedCVE-2020-12713
MISC
MISC
MISC
MISC
MISC
MISC

ciphermail -- community_gateway_virtual_appliances_and_professional/enterprise_gateway_and_webmail_messenger_virtual_appliances

An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients.2020-06-11not yet calculatedCVE-2020-12714
MISC
MISC
MISC
MISC
MISC
MISC
citrix -- xenapp
 
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered.2020-06-11not yet calculatedCVE-2020-13998
MISC
cypress -- psoc_creator_ble
 
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.2020-06-09not yet calculatedCVE-2020-11957
CONFIRM
dell -- multiple_productsDell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which an unauthorized actor, with local system access with OS administrator privileges, could bypass the BIOS Administrator authentication to restore BIOS Setup configuration to default values.2020-06-10not yet calculatedCVE-2020-5362
MISC
dell -- multiple_products
 
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive.2020-06-10not yet calculatedCVE-2020-5363
MISC
freebsd -- freebsd
 
In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.2020-06-09not yet calculatedCVE-2020-7456
MISC
geovision -- door_access_control_devicesGeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.2020-06-12not yet calculatedCVE-2020-3930
MISC
geovision -- door_access_control_devicesGeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.2020-06-12not yet calculatedCVE-2020-3928
MISC
geovision -- door_access_control_devices
 
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.2020-06-12not yet calculatedCVE-2020-3929
MISC

gitlab -- gitlab_community_and_enterprise_editions

A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.12020-06-10not yet calculatedCVE-2020-13267
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions2020-06-09not yet calculatedCVE-2020-13266
CONFIRM
MISC

gitlab -- gitlab_community_and_enterprise_editions

A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.12020-06-10not yet calculatedCVE-2020-13269
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.12020-06-10not yet calculatedCVE-2020-13268
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.12020-06-10not yet calculatedCVE-2020-13271
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API2020-06-10not yet calculatedCVE-2020-13270
CONFIRM
MISC
MISC
google -- androidIn RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1237003832020-06-11not yet calculatedCVE-2020-0169
MISC
google -- androidIn _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1351408542020-06-11not yet calculatedCVE-2020-0212
MISC
google -- android
 
Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data.2020-06-12not yet calculatedCVE-2019-16252
MISC
google -- android
 
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1262040732020-06-11not yet calculatedCVE-2020-0216
MISC
google -- android
 
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1425447932020-06-11not yet calculatedCVE-2020-0141
MISC
google -- android
 
In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinite loop due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1416889742020-06-11not yet calculatedCVE-2020-0184
MISC
google -- android
 
In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1505002472020-06-10not yet calculatedCVE-2020-0119
MISC
google -- android
 
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1378789302020-06-11not yet calculatedCVE-2020-0126
MISC
google -- android
 
In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1400545062020-06-11not yet calculatedCVE-2020-0127
MISC
google -- android
 
In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1451360602020-06-11not yet calculatedCVE-2020-0133
MISC
google -- android
 
In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1511596382020-06-11not yet calculatedCVE-2020-0131
MISC
google -- android
 
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1360059052020-06-11not yet calculatedCVE-2020-0218
MISC
google -- android
 
In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1428784162020-06-11not yet calculatedCVE-2020-0138
MISC
google -- android
 
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege of a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1404172482020-06-11not yet calculatedCVE-2020-0215
MISC
google -- android
 
In handleMessage of BluetoothManagerService, there is an incomplete reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1101814792020-06-11not yet calculatedCVE-2020-0183
MISC
google -- android
 
In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1438265902020-06-11not yet calculatedCVE-2020-0194
MISC
google -- android
 
In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1434643142020-06-11not yet calculatedCVE-2020-0213
MISC
google -- android
 
In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1399392832020-06-11not yet calculatedCVE-2020-0189
MISC
google -- android
 
In onCreatePermissionRequest of SettingsSliceProvider.java, there is a possible permissions bypass due to a PendingIntent error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1473558972020-06-11not yet calculatedCVE-2020-0188
MISC
google -- android
 
In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product: AndroidVersions: Android-10Android ID: A-1306569172020-06-11not yet calculatedCVE-2020-0179
MISC
google -- android
 
In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1502252552020-06-11not yet calculatedCVE-2020-0233
MISC
google -- android
 
In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1273137642020-06-11not yet calculatedCVE-2020-0173
MISC
google -- android
 
In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1377983822020-06-11not yet calculatedCVE-2020-0168
MISC
google -- android
 
In onStart of MainActivity.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1429365252020-06-11not yet calculatedCVE-2020-0202
MISC
google -- android
 
In ideint_weave_blk of ideint_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1403248902020-06-11not yet calculatedCVE-2020-0190
MISC
google -- android
 
In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1273135372020-06-11not yet calculatedCVE-2020-0174
MISC
google -- android
 
In Parse_art of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1273125502020-06-11not yet calculatedCVE-2020-0172
MISC
google -- android
 
In Parse_lart of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1273132232020-06-11not yet calculatedCVE-2020-0171
MISC
google -- android
 
In IMY_Event of eas_imelody.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1273108102020-06-11not yet calculatedCVE-2020-0170
MISC
google -- android
 
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1464289412020-06-11not yet calculatedCVE-2020-0198
MLIST
MISC
google -- android
 
In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1440668332020-06-11not yet calculatedCVE-2020-0196
MISC
google -- android
 
In the settings app, there is a possible app crash due to improper input validation. This could lead to local denial of service of the Settings app with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1360050612020-06-11not yet calculatedCVE-2020-0206
MISC
google -- android
 
In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1263808182020-06-11not yet calculatedCVE-2020-0175
MISC
google -- android
 
In freeIsolatedUidLocked of ProcessList.java, there is a possible UID reuse due to improper cleanup. This could lead to local escalation of privilege between constrained processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1463133112020-06-11not yet calculatedCVE-2020-0203
MISC
google -- android
 
In InstallPackage of package.cpp, there is a possible bypass of a signature check due to a Time of Check/Time of Use condition. This could lead to local escalation of privilege by allowing a bypass of the initial zip file signature check for an OS update with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1364981302020-06-11not yet calculatedCVE-2020-0204
MISC
google -- android
 
In the DaalaBitReader constructor of entropy_decoder.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1472340202020-06-11not yet calculatedCVE-2020-0205
MISC
google -- android
 
In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1474917732020-06-11not yet calculatedCVE-2020-0211
MISC
google -- android
 
In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1436017272020-06-11not yet calculatedCVE-2020-0201
MISC
google -- android
 
In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a possible use-after-free due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1421424062020-06-11not yet calculatedCVE-2020-0199
MISC
google -- android
 
In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the media server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1472318622020-06-11not yet calculatedCVE-2020-0200
MISC
google -- android
 
In hal_fd_init of hal_fd.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1461444632020-06-11not yet calculatedCVE-2020-0186
MISC
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.2020-06-11not yet calculatedCVE-2020-13170
CONFIRM
CONFIRM
CONFIRM
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.2020-06-11not yet calculatedCVE-2020-12758
CONFIRM
CONFIRM
CONFIRM
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.2020-06-11not yet calculatedCVE-2020-12797
CONFIRM
CONFIRM
CONFIRM
hashicorp -- consul_and_consul_enterprise
 
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.2020-06-11not yet calculatedCVE-2020-13250
CONFIRM
CONFIRM
CONFIRM
hashicorp -- vault_and_vault_enterpriseHashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect Access Control.2020-06-10not yet calculatedCVE-2020-12757
MISC
CONFIRM
hashicorp -- vault_and_vault_enterprise
 
HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert Sensitive Information into a Log File.2020-06-10not yet calculatedCVE-2020-13223
MISC
MISC
hcl -- digital_experience"HCL Digital Experience is susceptible to Server Side Request Forgery."2020-06-11not yet calculatedCVE-2020-4101
MISC
http_file_server -- http_file_server
 
rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.2020-06-08not yet calculatedCVE-2020-13432
MISC
MISC
FULLDISC
MISC
MISC
MISC
ibm -- api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.2020-06-12not yet calculatedCVE-2020-4251
XF
CONFIRM
ibm -- multiple_aspera_products
 
Certain IBM Aspera applications are vulnerable to command injection after valid authentication, which could allow an attacker with intimate knowledge of the system to execute commands in a SOAP API. IBM X-Force ID: 180810.2020-06-10not yet calculatedCVE-2020-4432
XF
CONFIRM
ibm -- multiple_aspera_products
 
Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180900.2020-06-10not yet calculatedCVE-2020-4434
XF
CONFIRM
ibm -- multiple_aspera_products
 
Certain IBM Aspera applications are vulnerable to arbitrary memory corruption based on the product configuration, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service (DoS) through the http fallback service. IBM X-Force ID: 180901.2020-06-10not yet calculatedCVE-2020-4435
XF
CONFIRM
ibm -- multiple_aspera_products
 
Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause server to crash. IBM X-Force ID: 180814.2020-06-10not yet calculatedCVE-2020-4433
XF
CONFIRM
ibm -- multiple_aspera_products
 
Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. IBM X-Force ID: 180902.2020-06-10not yet calculatedCVE-2020-4436
XF
CONFIRM
ibm -- qradar_network_packet_captureIBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and 7.4.0 GA does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166803.2020-06-10not yet calculatedCVE-2019-4576
XF
CONFIRM
ibm -- workload_scheduler
 
IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160.2020-06-11not yet calculatedCVE-2020-4380
XF
CONFIRM
icanga -- icanga2An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.2020-06-12not yet calculatedCVE-2020-14004
CONFIRM
MISC
MISC
MISC
MISC
inductive_automation -- ignitionThe affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.2020-06-09not yet calculatedCVE-2020-12004
MISC
inductive_automation -- ignition
 
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.2020-06-09not yet calculatedCVE-2020-12000
MISC
inductive_automation -- ignition
 
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10), allowing an attacker to obtain sensitive information.2020-06-09not yet calculatedCVE-2020-10644
MISC
irfanview -- irfanviewIrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7.2020-06-10not yet calculatedCVE-2020-13906
MISC
MISC
irfanview -- irfanview
 
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4.2020-06-10not yet calculatedCVE-2020-13905
MISC
MISC
joomla! -- joomla!The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager.2020-06-09not yet calculatedCVE-2020-13996
MISC
MISC
kata_containers -- kata_containersA malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions.2020-06-10not yet calculatedCVE-2020-2026
MISC
MISC
MISC
MISC
kata_containers -- kata_containers
 
Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; and Kata Containers 1.9 and earlier versions.2020-06-10not yet calculatedCVE-2020-2023
MISC
MISC
MISC
MISC
MISC
MISC
MISC
lenovo -- multiple_devices
 
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.2020-06-09not yet calculatedCVE-2019-6173
MISC
lenovo -- multiple_devices
 
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.2020-06-09not yet calculatedCVE-2019-6196
MISC
lenovo -- multiple_thinkpad_devicesThe BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.2020-06-09not yet calculatedCVE-2020-8334
MISC
lenovo -- multiple_thinkpad_devicesLenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.2020-06-09not yet calculatedCVE-2020-8336
MISC
lenovo -- mutliple_thinkpad_devices
 
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.2020-06-09not yet calculatedCVE-2020-8320
MISC
lenovo -- notebook_and_thinkstation_devices
 
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.2020-06-09not yet calculatedCVE-2020-8321
MISC
lenovo -- notebook_and_thinkstation_devices
 
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.2020-06-09not yet calculatedCVE-2020-8322
MISC
lenovo -- thinkpad_and_notebook_and_thinkstation_devices
 
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.2020-06-09not yet calculatedCVE-2020-8323
MISC
lenovo -- thinksystem_devices
 
A potential vulnerability in the BIOS configuration of some ThinkSystem models due to missing DMA protections that may allow a user with physical access read or write access to system memory.2020-06-09not yet calculatedCVE-2020-8331
MISC
liferay -- portal_and_dxpIn Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.2020-06-10not yet calculatedCVE-2020-13445
CONFIRM
liferay -- portal_and_dxp
 
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 19, and 7.2 before fix pack 7, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.2020-06-10not yet calculatedCVE-2020-13444
CONFIRM
linux -- linux_kernelAn issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059.2020-06-09not yet calculatedCVE-2020-13974
MISC
MISC
linux -- linux_kernel
 
A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.2020-06-09not yet calculatedCVE-2020-10757
SUSE
REDHAT
MISC
MLIST
FEDORA
DEBIAN
DEBIAN
MISC
linux -- linux_kernel
 
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.2020-06-12not yet calculatedCVE-2020-10732
SUSE
CONFIRM
MISC
MISC
MISC
MISC
mcafee -- agent
 
DLL Search Order Hijacking vulnerability in McAfee Agent (MA) prior to 5.6.4 allows attackers with local access to execute arbitrary code via execution from a compromised folder.2020-06-10not yet calculatedCVE-2019-3613
CONFIRM
mcafee -- host_intrusion_prevention_system
 
DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder.2020-06-10not yet calculatedCVE-2020-7279
CONFIRM
mcafee -- total_protection_for_macos
 
Privilege escalation vulnerability in McAfee Total Protection (ToPS) for Mac OS prior to 4.6 allows local users to gain root privileges via incorrect protection of temporary files.2020-06-10not yet calculatedCVE-2019-3617
CONFIRM
mcafee -- virus_scan_enterprise
 
Privilege Escalation vulnerability during daily DAT updates when using McAfee Virus Scan Enterprise (VSE) prior to 8.8 Patch 15 allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links. This is timing dependent.2020-06-10not yet calculatedCVE-2020-7280
CONFIRM
mcafee -- virusscan_enterprise
 
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow local users to interact with the On-Access Scan Messages - Threat Alert Window with elevated privileges via running McAfee Tray with elevated privileges.2020-06-10not yet calculatedCVE-2019-3585
CONFIRM
mcafee -- virusscan_enterprise
 
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 14 may allow unauthorized users to interact with the On-Access Scan Messages - Threat Alert Window when the Windows Login Screen is locked.2020-06-10not yet calculatedCVE-2019-3588
CONFIRM
meetecho -- janus-gateway
 
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.2020-06-10not yet calculatedCVE-2020-13899
MISC
CONFIRM
MISC
meetecho -- janus-gateway
 
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.2020-06-10not yet calculatedCVE-2020-13898
MISC
MISC
CONFIRM
MISC
meetecho -- janus-gateway
 
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.2020-06-10not yet calculatedCVE-2020-13900
MISC
MISC
CONFIRM
MISC
meetecho -- janus-gateway
 
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.2020-06-10not yet calculatedCVE-2020-13901
MISC
CONFIRM
MISC
micro_focus -- arcsight_logger
 
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.2020-06-12not yet calculatedCVE-2020-11839
MISC
microsoft -- azure_devops_server_2019A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.2020-06-09not yet calculatedCVE-2020-1327
MISC
microsoft -- bing_search_for_androidA spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'.2020-06-09not yet calculatedCVE-2020-1329
MISC

microsoft -- chakracore_and_internet_explorer_11_and_edge_(edgehtml-based)

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.2020-06-09not yet calculatedCVE-2020-1219
MISC
MISC
microsoft -- edge_(chromium-based)
 
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'.2020-06-09not yet calculatedCVE-2020-1220
MISC
microsoft -- internet_explorer_9_and_11An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.2020-06-09not yet calculatedCVE-2020-1315
MISC
microsoft -- internet_explorer_9_and_11
 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230.2020-06-09not yet calculatedCVE-2020-1260
MISC
microsoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.2020-06-09not yet calculatedCVE-2020-1226
MISC
MISC
microsoft -- multiple_productsAn information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.2020-06-09not yet calculatedCVE-2020-1322
MISC
microsoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1321
MISC
microsoft -- multiple_productsA security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.2020-06-09not yet calculatedCVE-2020-1229
MISC
microsoft -- multiple_productsA remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226.2020-06-09not yet calculatedCVE-2020-1225
MISC
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1294.2020-06-09not yet calculatedCVE-2020-1287
MISC

microsoft -- multiple_windows_products

An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1261.2020-06-09not yet calculatedCVE-2020-1263
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306.2020-06-09not yet calculatedCVE-2020-1334
MISC
microsoft -- multiple_windows_productsA remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1236.2020-06-09not yet calculatedCVE-2020-1208
MISC
microsoft -- multiple_windows_productsAn information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.2020-06-09not yet calculatedCVE-2020-1348
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists in the way that the printconfig.dll handles objects in memory, aka 'Windows Print Configuration Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1196
MISC
microsoft -- multiple_windows_productsA remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1301
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-09not yet calculatedCVE-2020-1269
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when Group Policy improperly checks access, aka 'Group Policy Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1317
MISC
microsoft -- multiple_windows_productsA remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files.To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user into installing a malicious cabinet file disguised as a printer driver.The update addresses the vulnerability by correcting how Windows handles cabinet files., aka 'Windows Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1300
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1312.2020-06-09not yet calculatedCVE-2020-1302
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1271
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server fails to properly handle messages sent from TSF clients, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1314
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1291
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.2020-06-09not yet calculatedCVE-2020-1282
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists in the way that the wlansvc.dll handles objects in memory, aka 'Windows WLAN Service Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1270
MISC
microsoft -- multiple_windows_productsAn elevation of privilege vulnerability exists when Component Object Model (COM) client uses special case IIDs, aka 'Component Object Model Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1311
MISC
microsoft -- multiple_windows_productsA remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1299
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.2020-06-09not yet calculatedCVE-2020-1202
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.2020-06-09not yet calculatedCVE-2020-1262
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.2020-06-09not yet calculatedCVE-2020-1231
MISC
microsoft -- multiple_windows_products
 
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1281
MISC
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1277, CVE-2020-1302, CVE-2020-1312.2020-06-09not yet calculatedCVE-2020-1272
MISC
microsoft -- multiple_windows_products
 
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.2020-06-09not yet calculatedCVE-2020-1203
MISC
microsoft -- nugetgalleryA spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'.2020-06-09not yet calculatedCVE-2020-1340
MISC
microsoft -- sharepoint_enterprise_server_2013_and_2016_and_sharepoint_server_2019
 
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1295
MISC

microsoft -- sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013_and_sharepoint_server_2019

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.2020-06-09not yet calculatedCVE-2020-1323
MISC

microsoft -- system_center_2016_operations_manager

A spoofing vulnerability exists when System Center Operations Manager (SCOM) does not properly sanitize a specially crafted web request to an affected SCOM instance, aka 'System Center Operations Manager Spoofing Vulnerability'.2020-06-09not yet calculatedCVE-2020-1331
MISC
microsoft -- visual_studio_code_live_share_extension
 
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'.2020-06-09not yet calculatedCVE-2020-1343
MISC
microsoft -- windows_10
 
An elevation of privilege vulnerability exists when the Windows Feedback Hub improperly handles objects in memory, aka 'Windows Feedback Hub Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1199
MISC

microsoft -- windows_10_and_windows_server

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1316.2020-06-09not yet calculatedCVE-2020-1307
MISC

microsoft -- windows_10_and_windows_server

An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka 'Windows Update Orchestrator Service Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1313
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307.2020-06-09not yet calculatedCVE-2020-1316
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1306, CVE-2020-1334.2020-06-09not yet calculatedCVE-2020-1304
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

A security feature bypass vulnerability exists when Windows Host Guardian Service improperly handles hashes recorded and logged, aka 'Windows Host Guardian Service Security Feature Bypass Vulnerability'.2020-06-09not yet calculatedCVE-2020-1259
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists in the way that the Windows Bluetooth Service handles objects in memory, aka 'Windows Bluetooth Service Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1280
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1287.2020-06-09not yet calculatedCVE-2020-1294
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly load spotlight images from a secure location, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1279
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when Windows Error Reporting improperly handles objects in memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1234
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An information disclosure vulnerability exists in the way Windows Error Reporting (WER) handles objects in memory, aka 'Windows Error Reporting Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1263.2020-06-09not yet calculatedCVE-2020-1261
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1222.2020-06-09not yet calculatedCVE-2020-1309
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2016_and_2019

 

An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1305
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1302, CVE-2020-1312.2020-06-09not yet calculatedCVE-2020-1277
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user, aka 'Windows Shell Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1286
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when the Microsoft Store Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Microsoft Store Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1309.2020-06-09not yet calculatedCVE-2020-1222
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.2020-06-09not yet calculatedCVE-2020-1290
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1204
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

A vulnerability exists in the way the Windows Diagnostics &amp; feedback settings app handles objects in memory, aka 'Windows Diagnostics & feedback Information Disclosure Vulnerability'.2020-06-09not yet calculatedCVE-2020-1296
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1162.2020-06-09not yet calculatedCVE-2020-1324
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334.2020-06-09not yet calculatedCVE-2020-1233
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1334.2020-06-09not yet calculatedCVE-2020-1306
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in the way the Windows Now Playing Session Manager handles objects in memory, aka 'Windows Now Playing Session Manager Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1201
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1272, CVE-2020-1277, CVE-2020-1302.2020-06-09not yet calculatedCVE-2020-1312
MISC

microsoft -- windows_10_and_windows_server_and_windows_server_2019

An elevation of privilege vulnerability exists in OpenSSH for Windows when it does not properly restrict access to configuration settings, aka 'OpenSSH for Windows Elevation of Privilege Vulnerability'.2020-06-09not yet calculatedCVE-2020-1292
MISC

microsoft -- word_for_android

A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.2020-06-09not yet calculatedCVE-2020-1223
MISC
mids_reborn_hero_designer -- mids_reborn_hero_designerMids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.2020-06-11not yet calculatedCVE-2020-11614
MISC
MISC
mids_reborn_hero_designer -- mids_reborn_hero_designer
 
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.2020-06-11not yet calculatedCVE-2020-11613
MISC
MISC
mitel -- micollab_awv
 
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.2020-06-10not yet calculatedCVE-2020-11798
CONFIRM
CONFIRM
mitsubishi -- melsec-iq-r_series_devicesMitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.2020-06-10not yet calculatedCVE-2020-13238
MISC
CONFIRM
MISC
morgan_stanley -- hobbes
 
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.2020-06-12not yet calculatedCVE-2020-13656
MISC
mosc -- mosc
 
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` argument is executed by the `eval` function, resulting in code execution.2020-06-10not yet calculatedCVE-2020-7672
MISC
networkmanager -- networkmanager
 
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.2020-06-08not yet calculatedCVE-2020-10754
CONFIRM
FEDORA
node-extend -- node-extend
 
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution.2020-06-10not yet calculatedCVE-2020-7673
MISC
ohler -- agoo
 
agoo through 2.12.3 allows request smuggling attacks where agoo is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.2020-06-10not yet calculatedCVE-2020-7670
MISC
MISC
open_connectivity_framework -- universal_plug_and_play_protocolThe Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.2020-06-08not yet calculatedCVE-2020-12695
MISC
MLIST
MISC
MISC
MISC
MISC
openstack -- cinder
 
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the ``connection_info`` element in all Block Storage v3 Attachments API calls containing that element. This flaw enables an end-user to create a volume, make an API call to show the attachment detail information, and retrieve a username and password that may be used to connect to another user's volume. Additionally, these credentials are valid for the ScaleIO or VxFlex OS Management API, should an attacker discover the Management API endpoint. Source: OpenStack project2020-06-10not yet calculatedCVE-2020-10755
CONFIRM
MISC
p5-crypt-perl -- p5-crypt-perl
 
Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail.2020-06-07not yet calculatedCVE-2020-13895
MISC
MISC
palo_alto_networks -- globalprotect_appA race condition vulnerability Palo Alto Networks GlobalProtect app on Windows allows a local limited Windows user to execute programs with SYSTEM privileges. This issue can be exploited only while performing a GlobalProtect app upgrade. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 on Windows; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 on Windows.2020-06-10not yet calculatedCVE-2020-2032
MISC
palo_alto_networks -- globalprotect_app
 
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled.2020-06-10not yet calculatedCVE-2020-2033
MISC
palo_alto_networks -- pan-osAn OS Command Injection vulnerability in PAN-OS management server allows authenticated administrators to execute arbitrary OS commands with root privileges when uploading a new certificate in FIPS-CC mode. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.2020-06-10not yet calculatedCVE-2020-2028
MISC
palo_alto_networks -- pan-os
 
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13; PAN-OS 9.0 versions earlier than PAN-OS 9.0.7.2020-06-10not yet calculatedCVE-2020-2027
MISC
palo_alto_networks -- pan-os
 
An OS Command Injection vulnerability in the PAN-OS web management interface allows authenticated administrators to execute arbitrary OS commands with root privileges by sending a malicious request to generate new certificates for use in the PAN-OS configuration. This issue affects: All versions of PAN-OS 8.0; PAN-OS 7.1 versions earlier than PAN-OS 7.1.26; PAN-OS 8.1 versions earlier than PAN-OS 8.1.13.2020-06-10not yet calculatedCVE-2020-2029
MISC
philips -- intellibridge_enterprise
 
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.2020-06-11not yet calculatedCVE-2020-12023
MISC
phpmussel -- phpmussel
 
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high. Newer phpMussel versions don't use PHP's phar wrapper, and are therefore unaffected. This has been fixed in version 1.6.0.2020-06-10not yet calculatedCVE-2020-4043
MISC
MISC
MISC
CONFIRM
MISC
postrank_labs -- goliath
 
goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a frontend proxy also being vulnerable. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks.2020-06-10not yet calculatedCVE-2020-7671
MISC
MISC
pydio -- cells_enterprise_ovfThe following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more.2020-06-11not yet calculatedCVE-2020-12850
MISC
MISC
MISC
qemu -- qemu
 
An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions before QEMU 5.0.1. This flaw occurs when an nbd-client sends a spec-compliant request that is near the boundary of maximum permitted request length. A remote nbd-client could use this flaw to crash the qemu-nbd server resulting in a denial of service.2020-06-09not yet calculatedCVE-2020-10761
CONFIRM
MISC
red_hat -- openshift_api_server
 
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.2020-06-12not yet calculatedCVE-2020-10752
CONFIRM
CONFIRM
red_hat -- undertowA flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.2020-06-10not yet calculatedCVE-2020-10705
MISC
redash -- redash
 
Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc.2020-06-11not yet calculatedCVE-2020-12725
MISC
MISC
MISC

sap -- business_objects_business_intelligence_platform

Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.2020-06-10not yet calculatedCVE-2020-6269
MISC
MISC
sap -- business_one
 
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.2020-06-10not yet calculatedCVE-2020-6239
MISC
MISC
sap -- commerce
 
SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data Hub), versions - 6.7, 1808, 1811, 1905, allows an attacker to bypass the authentication and/or authorization that has been configured by the system administrator due to the use of Hardcoded Credentials.2020-06-09not yet calculatedCVE-2020-6265
MISC
MISC
sap -- commerce
 
SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker to access information under certain conditions which would otherwise be restricted, leading to Information Disclosure.2020-06-10not yet calculatedCVE-2020-6264
MISC
MISC
sap -- erp
 
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.2020-06-10not yet calculatedCVE-2020-6268
MISC
MISC
sap -- fiori_for_sap_s4/hana
 
SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection.2020-06-10not yet calculatedCVE-2020-6266
MISC
MISC
sap -- netweaver_as_abap
 
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.2020-06-10not yet calculatedCVE-2020-6270
MISC
MISC
sap -- netweaver_as_abap
 
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.2020-06-10not yet calculatedCVE-2020-6275
MISC
MISC
sap -- netweaver_as_abap
 
SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.2020-06-10not yet calculatedCVE-2020-6246
MISC
MISC
sap -- netweaver_as_javaStandalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.2020-06-10not yet calculatedCVE-2020-6263
MISC
MISC
sap -- solution_manager
 
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent).2020-06-10not yet calculatedCVE-2020-6271
MISC
MISC
sap -- solution_manager
 
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.2020-06-10not yet calculatedCVE-2020-6260
MISC
MISC
sap -- successfactors_recruitingOData APIs and JobApplicationInterview and JobApplication export permissions in SAP SuccessFactors Recruiting, version 2005, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.2020-06-10not yet calculatedCVE-2020-6279
MISC
MISC
secure_scaleable_scuttlebutt -- ssb-dbSSB-DB version 20.0.0 has an information disclosure vulnerability. The get() method is supposed to only decrypt messages when you explicitly ask it to, but there is a bug where it's decrypting any message that it can. This means that it is returning the decrypted content of private messages, which a malicious peer could use to get access to private data. This only affects peers running SSB-DB@20.0.0 who also have private messages, and is only known to be exploitable if you're also running SSB-OOO (default in SSB-Server), which exposes a thin wrapper around get() to anonymous peers. This is fixed in version 20.0.1. Note that users of SSB-Server verion 16.0.0 should upgrade to 16.0.1 to get the fixed version of SSB-DB.2020-06-11not yet calculatedCVE-2020-4045
MISC
CONFIRM
siemens -- logo!
 
A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variants) (All versions). The vulnerability could lead to an attacker reading and modifying the device configuration and obtain project files from affected devices. The security vulnerability could be exploited by an unauthenticated attacker with network access to port 135/tcp. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.2020-06-10not yet calculatedCVE-2020-7589
MISC
MISC
siemens -- multiple_devices
 
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.2020-06-10not yet calculatedCVE-2020-7585
MISC
MISC
siemens -- multiple_devices
 
A vulnerability has been identified in SIMATIC Automation Tool (All versions), SIMATIC NET PC software (All versions V16 < V16 Upd3), SIMATIC PCS 7 (All versions), SIMATIC PCS neo (All versions), SIMATIC ProSave (All versions), SIMATIC S7-1500 Software Controller (All versions), SIMATIC STEP 7 (All versions < V5.6 SP2 HF3), SIMATIC STEP 7 (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) V14 (All versions), SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions), SIMATIC WinCC OA V3.16 (All versions < P018), SIMATIC WinCC OA V3.17 (All versions < P003), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions), SIMATIC WinCC Runtime Professional V15 (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER commissioning tool (All versions), SINAMICS Startdrive (All versions), SINEC NMS (All versions), SINEMA Server (All versions), SINUMERIK ONE virtual (All versions), SINUMERIK Operate (All versions). A component within the affected application regularly calls a helper binary with SYSTEM privileges while the call path is not quoted.2020-06-10not yet calculatedCVE-2020-7580
MISC
MISC
siemens -- multiple_devices
 
A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF1). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.2020-06-10not yet calculatedCVE-2020-7586
MISC
MISC
sony -- multiple_wireless_headphones
 
Multiple SONY Wireless Headphones have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing.2020-06-09not yet calculatedCVE-2020-5589
MISC
MISC
sos -- jobscheduler
 
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.2020-06-11not yet calculatedCVE-2020-12712
CONFIRM
MISC
MISC
suse -- xawtv
 
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.2020-06-08not yet calculatedCVE-2020-13696
SUSE
SUSE
CONFIRM
MISC
MISC
MISC
MISC
MLIST
synaptics -- smart_audio_uwp_app
 
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.2020-06-09not yet calculatedCVE-2020-8337
MISC
MISC
the_linux_foundation -- indy_node
 
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.2020-06-11not yet calculatedCVE-2020-11090
MISC
CONFIRM
MISC
tuple -- access-policy
 
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution.2020-06-10not yet calculatedCVE-2020-7674
MISC
viki_solutions -- vera
 
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site.2020-06-12not yet calculatedCVE-2019-15123
MISC
MISC
vmware -- spring_batch
 
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing.2020-06-11not yet calculatedCVE-2020-5411
CONFIRM
wago -- pfc200_devices
 
An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.2020-06-11not yet calculatedCVE-2020-6090
MISC
wordpress -- wordpressIn affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).2020-06-12not yet calculatedCVE-2020-4047
MISC
CONFIRM
MISC
wordpress -- wordpress
 
In affected versions of WordPress, misuse of the `set-screen-option` filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).2020-06-12not yet calculatedCVE-2020-4050
MISC
CONFIRM
MISC
wordpress -- wordpress
 
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).2020-06-12not yet calculatedCVE-2020-4049
MISC
CONFIRM
MISC
wordpress -- wordpress
 
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).2020-06-12not yet calculatedCVE-2020-4048
MISC
CONFIRM
MISC
wordpress -- wordpress
 
In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).2020-06-12not yet calculatedCVE-2020-4046
CONFIRM
MISC
zenphoto -- zenphoto
 
Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file.2020-06-11not yet calculatedCVE-2020-5593
MISC
MISC
zenphoto -- zenphoto
 
Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 allows remote attackers to inject an arbitrary JavaScript via unspecified vectors.2020-06-11not yet calculatedCVE-2020-5592
MISC
MISC
zoho -- manageengine_servicedesk_plusZoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.2020-06-12not yet calculatedCVE-2020-14048
MISC
MISC

Back to to

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.