Vulnerabilities

DATE        CVE             VULNERABILITY TITLE                                                                 RISK
2020-06-08  CVE-2020-4041   Cross-site Scripting vulnerability in Boltcms Bolt                                  6.1
    In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS.
    Attack vector: network; attack complexity: low; vendor: boltcms; CWE-79
2020-06-08  CVE-2020-4040   Cross-Site Request Forgery (CSRF) vulnerability in Boltcms Bolt                     4.3
    Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint.
    Attack vector: network; attack complexity: low; vendor: boltcms; CWE-352
2020-06-08  CVE-2020-4038   Cross-site Scripting vulnerability in Prisma products                               4.3
    GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 has a severe reflected XSS vulnerability.
    Attack vector: network; vendor: prisma; CWE-79
2020-06-08  CVE-2020-13960  Unspecified vulnerability in Dlink Dir-600M Firmware and Dsl-2730U Firmware         5.0
    D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name.
    Attack vector: network; attack complexity: low; vendor: dlink
2020-06-08  CVE-2020-13885  Incorrect Default Permissions vulnerability in Citrix Workspace APP 1909/1911/2002  7.2
    Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
    Attack vector: local; attack complexity: low; vendor: citrix; CWE-276
2020-06-08  CVE-2020-13884  Incorrect Default Permissions vulnerability in Citrix Workspace APP 1909/1911/2002  7.2
    Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
    Attack vector: local; attack complexity: low; vendor: citrix; CWE-276
2020-06-08  CVE-2020-13428  Out-of-bounds Write vulnerability in multiple products                              7.8
    A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
    Attack vector: local; attack complexity: low; vendors: videolan, debian; CWE-787
2020-06-08  CVE-2019-19412  Unspecified vulnerability in Huawei products                                        2.1
    Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability.
2020-06-08  CVE-2020-13432  Classic Buffer Overflow vulnerability in Rejetto Http File Server 2.3M              5.0
    rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.
    Attack vector: network; attack complexity: low; vendor: rejetto; CWE-120
2020-06-08  CVE-2020-10754  Missing Authentication for Critical Function vulnerability in multiple products     4.3
    It was found that nmcli, a command line interface to NetworkManager, did not honour the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile.
    Attack vector: network; attack complexity: low; vendors: gnome, fedoraproject; CWE-306