Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-15 | CVE-2020-14080 | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04: TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 7.5 |
2020-06-15 | CVE-2020-14067 | Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9: The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | 7.5 |
2020-06-14 | CVE-2020-14060 | Deserialization of Untrusted Data vulnerability in multiple products: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | 8.1 |
2020-06-14 | CVE-2020-14062 | Deserialization of Untrusted Data vulnerability in multiple products: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | 8.1 |
2020-06-14 | CVE-2020-14061 | Deserialization of Untrusted Data vulnerability in multiple products: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | 8.1 |
2020-06-12 | CVE-2020-13656 | Out-of-bounds Read vulnerability in Morganstanley Hobbes 20200521: In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. | 7.5 |
2020-06-12 | CVE-2020-14004 | Link Following vulnerability in multiple products: An issue was discovered in Icinga2 before v2.12.0-rc1. | 7.8 |
2020-06-11 | CVE-2020-0233 | Use After Free vulnerability in Google Android 10.0: In main of main.cpp, there is possible memory corruption due to a use after free. | 7.2 |
2020-06-11 | CVE-2020-0217 | Out-of-bounds Write vulnerability in Google Android 10.0: In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. | 7.5 |
2020-06-11 | CVE-2020-0215 | Incorrect Default Permissions vulnerability in Google Android: In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. | 7.8 |