Weekly Vulnerabilities Reports > June 15 to 21, 2020
Overview
474 new vulnerabilities were reported during this period, including 58 critical vulnerabilities and 197 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1066 products from 111 vendors including Mattermost, Cisco, Debian, Intel, and Opensuse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Improper Input Validation", "Incorrect Permission Assignment for Critical Resource", and "Out-of-bounds Read".
- 400 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 124 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 307 reported vulnerabilities are exploitable by an anonymous user.
- Mattermost has the most reported vulnerabilities, with 158 reported vulnerabilities.
- Mattermost has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
58 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-17 | CVE-2020-11897 | Treck | Out-of-bounds Write vulnerability in Treck Tcp/Ip 4.7.1.27 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | 10.0 |
2020-06-17 | CVE-2020-11896 | Treck | Out-of-bounds Write vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. | 10.0 |
2020-06-21 | CVE-2020-14942 | Tendenci | Deserialization of Untrusted Data vulnerability in Tendenci 12.0.10 Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. | 9.8 |
2020-06-20 | CVE-2020-14932 | Squirrelmail | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. | 9.8 |
2020-06-19 | CVE-2020-14931 | Dmitry Project | Out-of-bounds Write vulnerability in Dmitry Project Dmitry 1.3A A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff. | 9.8 |
2020-06-19 | CVE-2017-18920 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.2. | 9.8 |
2020-06-19 | CVE-2017-18915 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 9.8 |
2020-06-19 | CVE-2017-18908 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 9.8 |
2020-06-19 | CVE-2016-11074 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 9.8 |
2020-06-19 | CVE-2016-11064 | Mattermost | Code Injection vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 3.4.0. | 9.8 |
2020-06-19 | CVE-2017-18912 | Mattermost | Path Traversal vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 9.8 |
2020-06-19 | CVE-2017-18900 | Mattermost | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 9.8 |
2020-06-19 | CVE-2017-18888 | Mattermost | SQL Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 9.8 |
2020-06-19 | CVE-2017-18885 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 9.8 |
2020-06-19 | CVE-2020-8165 | Rubyonrails Debian Opensuse | Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | 9.8 |
2020-06-19 | CVE-2018-21251 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.2 and 5.1.1. | 9.8 |
2020-06-19 | CVE-2019-20856 | Mattermost | Uncontrolled Search Path Element vulnerability in Mattermost Desktop 3.4.0/4.0.0/4.2.2 An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. | 9.8 |
2020-06-19 | CVE-2019-20853 | Mattermost | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Packages An issue was discovered in Mattermost Packages before 5.16.3. | 9.8 |
2020-06-19 | CVE-2020-7679 | Casperjs | Unspecified vulnerability in Casperjs In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | 9.8 |
2020-06-18 | CVE-2020-11503 | Sophos | Out-of-bounds Write vulnerability in Sophos Sfos A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 9.8 |
2020-06-18 | CVE-2020-13640 | Gvectors | SQL Injection vulnerability in Gvectors Wpdiscuz A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. | 9.8 |
2020-06-18 | CVE-2017-9104 | GNU Opensuse Fedoraproject | Resource Exhaustion vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2017-9103 | GNU Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2017-9109 | GNU Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2020-3361 | Cisco | Improper Authentication vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. | 9.8 |
2020-06-16 | CVE-2020-7512 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | 9.8 |
2020-06-16 | CVE-2020-7508 | Schneider Electric | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | 9.8 |
2020-06-16 | CVE-2020-7500 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric products A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered. | 9.8 |
2020-06-16 | CVE-2020-7498 | Schneider Electric | Use of Hard-coded Credentials vulnerability in Schneider-Electric OS Loader and Unity Loader A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). | 9.8 |
2020-06-16 | CVE-2020-7497 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause arbitrary application execution when the computer starts. | 9.8 |
2020-06-16 | CVE-2020-9296 | Netflix | Expression Language Injection vulnerability in Netflix Conductor Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
2020-06-16 | CVE-2020-0235 | Google | Out-of-bounds Write vulnerability in Google Android In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". | 9.8 |
2020-06-16 | CVE-2020-0232 | Google | Use After Free vulnerability in Google Android Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. | 9.8 |
2020-06-16 | CVE-2020-0223 | Google | Out-of-bounds Write vulnerability in Google Android This is an unbounded write into kernel global memory, via a user-controlled buffer size. Product: Android. Versions: Android kernel. Android ID: A-135130450 | 9.8 |
2020-06-15 | CVE-2020-12019 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2020-06-15 | CVE-2020-12001 | Rockwellautomation | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. | 9.8 |
2020-06-15 | CVE-2020-11969 | Apache | Missing Authentication for Critical Function vulnerability in Apache Tomee If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. | 9.8 |
2020-06-15 | CVE-2020-14034 | Meetecho | Classic Buffer Overflow vulnerability in Meetecho Janus An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. | 9.8 |
2020-06-15 | CVE-2020-14033 | Meetecho | Classic Buffer Overflow vulnerability in Meetecho Janus An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. | 9.8 |
2020-06-15 | CVE-2018-21246 | Caddyserver | Improper Authentication vulnerability in Caddyserver Caddy Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. | 9.8 |
2020-06-15 | CVE-2020-14054 | Sokkia | SQL Injection vulnerability in Sokkia Gnr5 Vanguard Firmware 1.2 SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page. | 9.8 |
2020-06-15 | CVE-2020-14011 | Lansweeper | Insecure Default Initialization of Resource vulnerability in Lansweeper Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. | 9.8 |
2020-06-15 | CVE-2020-4469 | IBM | OS Command Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 9.8 |
2020-06-15 | CVE-2020-4216 | IBM | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2020-06-15 | CVE-2020-0595 | Intel | Use After Free vulnerability in Intel products Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2020-06-15 | CVE-2020-0594 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2020-06-15 | CVE-2020-14080 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 9.8 |
2020-06-15 | CVE-2020-14067 | Naviwebs | Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9 The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | 9.8 |
2020-06-19 | CVE-2017-18911 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 9.1 |
2020-06-19 | CVE-2017-18883 | Mattermost | Insufficient Entropy vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. | 9.1 |
2020-06-19 | CVE-2019-20851 | Mattermost | Path Traversal vulnerability in Mattermost An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 9.1 |
2020-06-18 | CVE-2020-12886 | ARM | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 9.1 |
2020-06-18 | CVE-2020-12884 | ARM | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 9.1 |
2020-06-18 | CVE-2020-12883 | ARM | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. | 9.1 |
2020-06-17 | CVE-2020-11898 | Treck | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | 9.1 |
2020-06-15 | CVE-2020-5754 | Webroot | Type Confusion vulnerability in Webroot Endpoint Agents Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. | 9.1 |
2020-06-15 | CVE-2018-21245 | Apsis | HTTP Request Smuggling vulnerability in Apsis Pound Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. | 9.1 |
2020-06-17 | CVE-2020-11901 | Treck | Incorrect Calculation of Buffer Size vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | 9.0 |
197 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-21 | CVE-2020-14950 | Aapanel | OS Command Injection vulnerability in Aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Software Store. | 8.8 |
2020-06-20 | CVE-2020-14933 | Squirrelmail | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 8.8 |
2020-06-19 | CVE-2020-13263 | Gitlab | Incorrect Authorization vulnerability in Gitlab An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | 8.8 |
2020-06-19 | CVE-2020-13272 | Gitlab | Insufficient Verification of Data Authenticity vulnerability in Gitlab OAuth flow missing verification checks in CE/EE 12.3 and later through 13.0.1 allows an unverified user to use the OAuth authorization code flow. | 8.8 |
2020-06-19 | CVE-2019-20891 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | 8.8 |
2020-06-19 | CVE-2017-18903 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 8.8 |
2020-06-19 | CVE-2017-18886 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 8.8 |
2020-06-19 | CVE-2018-21264 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. | 8.8 |
2020-06-19 | CVE-2018-21263 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. | 8.8 |
2020-06-19 | CVE-2019-20865 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. | 8.8 |
2020-06-19 | CVE-2019-20861 | Mattermost | Unspecified vulnerability in Mattermost Desktop 3.4.0/4.0.0 An issue was discovered in Mattermost Desktop App before 4.2.2. | 8.8 |
2020-06-19 | CVE-2019-20841 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 8.8 |
2020-06-18 | CVE-2020-14443 | Dolibarr | SQL Injection vulnerability in Dolibarr A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 8.8 |
2020-06-18 | CVE-2020-14442 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14441 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14440 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14439 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14438 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14437 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14436 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14435 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-06-18 | CVE-2020-14432 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-06-18 | CVE-2020-14431 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 8.8 |
2020-06-18 | CVE-2020-14430 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 8.8 |
2020-06-18 | CVE-2020-14429 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 8.8 |
2020-06-18 | CVE-2020-14428 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 8.8 |
2020-06-18 | CVE-2020-14427 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 8.8 |
2020-06-18 | CVE-2020-14426 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 8.8 |
2020-06-18 | CVE-2017-9105 | GNU Fedoraproject | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 8.8 |
2020-06-18 | CVE-2020-3342 | Cisco | Improper Certificate Validation vulnerability in Cisco Webex Meetings A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 8.8 |
2020-06-17 | CVE-2020-13224 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow. | 8.8 |
2020-06-16 | CVE-2020-14212 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 4.3 FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | 8.8 |
2020-06-16 | CVE-2020-7503 | Schneider Electric | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | 8.8 |
2020-06-16 | CVE-2020-7501 | Schneider Electric | Use of Hard-coded Credentials vulnerability in Schneider-Electric Vijeo Designer A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | 8.8 |
2020-06-15 | CVE-2020-5742 | Plex | Unspecified vulnerability in Plex Media Server Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | 8.8 |
2020-06-15 | CVE-2020-14159 | Connectwise | SQL Injection vulnerability in Connectwise Automate API By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. | 8.8 |
2020-06-15 | CVE-2020-14156 | Openbmc Project | Incorrect Default Permissions vulnerability in Openbmc-Project Openbmc user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. | 8.8 |
2020-06-15 | CVE-2019-19109 | Gvectors | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 8.8 |
2020-06-15 | CVE-2020-14076 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 8.8 |
2020-06-15 | CVE-2020-14081 | Trendnet | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | 8.8 |
2020-06-15 | CVE-2020-14079 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 8.8 |
2020-06-15 | CVE-2020-14078 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 8.8 |
2020-06-15 | CVE-2020-14077 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 8.8 |
2020-06-15 | CVE-2020-14075 | Trendnet | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | 8.8 |
2020-06-15 | CVE-2020-14074 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 8.8 |
2020-06-17 | CVE-2020-11900 | Treck | Double Free vulnerability in Treck Tcp/Ip 4.7.1.27/5.0.1.35/6.0.1.28 The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. | 8.2 |
2020-06-19 | CVE-2020-13275 | Gitlab | Unspecified vulnerability in Gitlab A user with an unverified email address could request access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1. | 8.1 |
2020-06-19 | CVE-2020-14930 | BT Ctroms Terminal Project | Insufficiently Protected Credentials vulnerability in BT Ctroms Terminal Project BT Ctroms Terminal An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. | 8.1 |
2020-06-19 | CVE-2017-18906 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. | 8.1 |
2020-06-19 | CVE-2017-18894 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. | 8.1 |
2020-06-19 | CVE-2017-18884 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 8.1 |
2020-06-19 | CVE-2020-5590 | EC Cube | Path Traversal vulnerability in Ec-Cube Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 8.1 |
2020-06-17 | CVE-2020-14157 | Abus | Cleartext Transmission of Sensitive Information vulnerability in Abus Secvest Wireless Control Fube50001 Firmware The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). | 8.1 |
2020-06-17 | CVE-2020-6869 | ZTE | Unspecified vulnerability in ZTE Ztemarket APK 10.06 All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. | 8.1 |
2020-06-16 | CVE-2020-14195 | Fasterxml Netapp Debian Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | 8.1 |
2020-06-15 | CVE-2020-11999 | Rockwellautomation | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. | 8.1 |
2020-06-15 | CVE-2020-4470 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. | 8.0 |
2020-06-19 | CVE-2020-14019 | Rtslib FB Project | Incorrect Default Permissions vulnerability in Rtslib-Fb Project Rtslib-Fb Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | 7.8 |
2020-06-18 | CVE-2020-9225 | Huawei | Improper Privilege Management vulnerability in Huawei Fusionsphere Openstack 6.5.1 FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. | 7.8 |
2020-06-17 | CVE-2020-9332 | Fabulatech | Unspecified vulnerability in Fabulatech USB for Remote Desktop 20200219/6.1.0.0 ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. | 7.8 |
2020-06-16 | CVE-2020-7496 | SE | Argument Injection or Modification vulnerability in SE Ecostruxure Operator Terminal Expert 3.1 A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access when opening the project file. | 7.8 |
2020-06-16 | CVE-2020-7494 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 7.8 |
2020-06-16 | CVE-2020-7493 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 7.8 |
2020-06-16 | CVE-2020-0234 | Google | Out-of-bounds Write vulnerability in Google Android In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2020-06-16 | CVE-2019-18614 | Cypress | Out-of-bounds Write vulnerability in Cypress Cyw20735 Firmware On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. | 7.8 |
2020-06-16 | CVE-2020-13431 | Geti2P | Incorrect Permission Assignment for Critical Resource vulnerability in Geti2P I2P I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory. | 7.8 |
2020-06-15 | CVE-2020-5358 | Dell | Incorrect Permission Assignment for Critical Resource vulnerability in Dell Encryption and Endpoint Security Suite Enterprise Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. | 7.8 |
2020-06-15 | CVE-2020-5755 | Webroot | Incorrect Permission Assignment for Critical Resource vulnerability in Webroot Endpoint Agents Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. | 7.8 |
2020-06-15 | CVE-2020-13651 | Digdash | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. | 7.8 |
2020-06-15 | CVE-2020-3961 | Vmware | Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. | 7.8 |
2020-06-15 | CVE-2020-13150 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2750U Firmware Me1.03 D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 7.8 |
2020-06-15 | CVE-2020-0586 | Intel | Improper Initialization vulnerability in Intel Server Platform Services Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 7.8 |
2020-06-15 | CVE-2020-0542 | Intel | Unspecified vulnerability in Intel Converged Security Management Engine Firmware Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | 7.8 |
2020-06-15 | CVE-2020-0529 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-06-15 | CVE-2020-0528 | Intel | Unspecified vulnerability in Intel products Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 7.8 |
2020-06-15 | CVE-2020-14147 | Redislabs Oracle Suse Debian | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 7.7 |
2020-06-19 | CVE-2020-13274 | Gitlab | Unspecified vulnerability in Gitlab A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1. | 7.5 |
2020-06-19 | CVE-2020-13273 | Gitlab | Unspecified vulnerability in Gitlab A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1. | 7.5 |
2020-06-19 | CVE-2017-18917 | Mattermost | Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 7.5 |
2020-06-19 | CVE-2016-11069 | Mattermost | Weak Password Requirements vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 7.5 |
2020-06-19 | CVE-2016-11066 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 7.5 |
2020-06-19 | CVE-2015-9548 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 1.2.0. | 7.5 |
2020-06-19 | CVE-2020-14929 | Alpine Project Fedoraproject Debian | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | 7.5 |
2020-06-19 | CVE-2017-18909 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. | 7.5 |
2020-06-19 | CVE-2020-8184 | Rack Project Debian Canonical | Improper Input Validation vulnerability in multiple products A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. | 7.5 |
2020-06-19 | CVE-2020-8164 | Rubyonrails Debian Opensuse | Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. | 7.5 |
2020-06-19 | CVE-2020-8162 | Rubyonrails Debian | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. | 7.5 |
2020-06-19 | CVE-2019-20888 | Mattermost | Memory Leak vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. | 7.5 |
2020-06-19 | CVE-2019-20886 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 7.5 |
2020-06-19 | CVE-2019-20885 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 7.5 |
2020-06-19 | CVE-2019-20880 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. | 7.5 |
2020-06-19 | CVE-2018-21262 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.7.3. | 7.5 |
2020-06-19 | CVE-2018-21258 | Mattermost | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 7.5 |
2020-06-19 | CVE-2018-21248 | Mattermost | Insufficiently Protected Credentials vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.4.0. | 7.5 |
2020-06-19 | CVE-2017-18871 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. | 7.5 |
2020-06-19 | CVE-2019-20874 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 7.5 |
2020-06-19 | CVE-2019-20871 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 7.5 |
2020-06-19 | CVE-2019-20868 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.11.0. | 7.5 |
2020-06-19 | CVE-2019-20864 | Mattermost | Unspecified vulnerability in Mattermost Plugins An issue was discovered in Mattermost Plugins before 5.13.0. | 7.5 |
2020-06-19 | CVE-2019-20863 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.13.0. | 7.5 |
2020-06-19 | CVE-2019-20862 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.13.0. | 7.5 |
2020-06-19 | CVE-2019-20859 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.15.0. | 7.5 |
2020-06-19 | CVE-2019-20858 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.15.0. | 7.5 |
2020-06-19 | CVE-2019-20857 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.16.0. | 7.5 |
2020-06-19 | CVE-2019-20855 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. | 7.5 |
2020-06-19 | CVE-2019-20854 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.17.0. | 7.5 |
2020-06-19 | CVE-2019-20852 | Mattermost | Information Exposure Through Log Files vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 7.5 |
2020-06-19 | CVE-2020-14459 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.19.0. | 7.5 |
2020-06-19 | CVE-2020-14458 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.19.0. | 7.5 |
2020-06-19 | CVE-2020-14453 | Mattermost | Insufficient Verification of Data Authenticity vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.21.0. | 7.5 |
2020-06-19 | CVE-2020-14451 | Mattermost | Incomplete Cleanup vulnerability in Mattermost Mobile 1.26.0 An issue was discovered in Mattermost Mobile Apps before 1.29.0. | 7.5 |
2020-06-19 | CVE-2020-14450 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.22.0. | 7.5 |
2020-06-19 | CVE-2020-14449 | Mattermost | Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0 An issue was discovered in Mattermost Mobile Apps before 1.30.0. | 7.5 |
2020-06-19 | CVE-2020-14448 | Mattermost | Infinite Loop vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.23.0. | 7.5 |
2020-06-19 | CVE-2020-14447 | Mattermost | Infinite Loop vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.23.0. | 7.5 |
2020-06-19 | CVE-2019-20848 | Mattermost | Improper Input Validation vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 7.5 |
2020-06-19 | CVE-2019-20846 | Mattermost | Improper Preservation of Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0. | 7.5 |
2020-06-19 | CVE-2019-20845 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0. | 7.5 |
2020-06-19 | CVE-2019-20843 | Mattermost | Improper Preservation of Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 7.5 |
2020-06-18 | CVE-2020-12887 | ARM | Memory Leak vulnerability in ARM Mbed-Coap 5.1.5 Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. | 7.5 |
2020-06-18 | CVE-2020-12885 | ARM | Infinite Loop vulnerability in ARM Mbed OS 5.15.3 An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 7.5 |
2020-06-18 | CVE-2017-9108 | GNU Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 7.5 |
2020-06-18 | CVE-2017-9107 | GNU Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 7.5 |
2020-06-18 | CVE-2017-9106 | GNU Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 7.5 |
2020-06-18 | CVE-2020-3263 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings 33.6.6/39.5.11 A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. | 7.5 |
2020-06-17 | CVE-2020-14040 | Golang Fedoraproject | Infinite Loop vulnerability in multiple products The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. | 7.5 |
2020-06-17 | CVE-2020-13637 | Heinekingmedia | Cleartext Storage of Sensitive Information vulnerability in Heinekingmedia Stashcat An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. | 7.5 |
2020-06-17 | CVE-2019-9944 | Openmicroscopy | Unspecified vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0 In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. | 7.5 |
2020-06-17 | CVE-2019-9943 | Openmicroscopy | Incorrect Default Permissions vulnerability in Openmicroscopy Omero.Server 5.6.0 In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. | 7.5 |
2020-06-17 | CVE-2020-14400 | Libvncserver Project Debian Opensuse Canonical | An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2020-14399 | Libvncserver Project Debian Opensuse Canonical | An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2020-14398 | Libvnc Project Canonical Debian Siemens Opensuse | Infinite Loop vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2020-14397 | Libvnc Project Canonical Debian Siemens Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2020-14396 | Libvnc Project Canonical Debian Siemens | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2019-20840 | Libvnc Project Canonical Debian Siemens Opensuse | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2019-20839 | Libvnc Project Canonical Debian Siemens Opensuse | Classic Buffer Overflow vulnerability in multiple products libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 7.5 |
2020-06-17 | CVE-2018-21247 | Libvnc Project Canonical Debian Siemens Opensuse | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-16 | CVE-2020-9289 | Fortinet | Use of Hard-coded Credentials vulnerability in Fortinet Fortimanager Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | 7.5 |
2020-06-16 | CVE-2019-17655 | Fortinet | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | 7.5 |
2020-06-16 | CVE-2020-7513 | Schneider Electric | Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | 7.5 |
2020-06-16 | CVE-2020-7511 | Schneider Electric | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. | 7.5 |
2020-06-16 | CVE-2020-7510 | Schneider Electric | Information Exposure vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to obtain private keys. | 7.5 |
2020-06-16 | CVE-2020-7507 | Schneider Electric | Resource Exhaustion vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | 7.5 |
2020-06-16 | CVE-2020-7506 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. | 7.5 |
2020-06-16 | CVE-2020-7502 | Schneider Electric | Out-of-bounds Write vulnerability in Schneider-Electric Modicon M218 Firmware 4.3 A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. | 7.5 |
2020-06-16 | CVE-2020-8543 | Open Xchange | Improper Input Validation vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 has Improper Input Validation. | 7.5 |
2020-06-16 | CVE-2020-4310 | IBM | Unspecified vulnerability in IBM MQ and Websphere MQ IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. | 7.5 |
2020-06-15 | CVE-2020-14163 | Jerryscript | Out-of-bounds Read vulnerability in Jerryscript 2.2.0 An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. | 7.5 |
2020-06-15 | CVE-2020-12005 | Rockwellautomation | Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.5 |
2020-06-15 | CVE-2020-12003 | Rockwellautomation | Path Traversal vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.5 |
2020-06-15 | CVE-2020-13650 | Digdash | Server-Side Request Forgery (SSRF) vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. | 7.5 |
2020-06-15 | CVE-2020-14149 | Troglobit | NULL Pointer Dereference vulnerability in Troglobit Uftpd In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. | 7.5 |
2020-06-15 | CVE-2020-14148 | Barton Debian Fedoraproject | Out-of-bounds Read vulnerability in multiple products The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | 7.5 |
2020-06-15 | CVE-2019-20838 | Pcre Apple Splunk | Out-of-bounds Read vulnerability in multiple products libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | 7.5 |
2020-06-15 | CVE-2020-4494 | IBM | Improper Authentication vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. | 7.5 |
2020-06-15 | CVE-2020-0597 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2020-06-15 | CVE-2020-0596 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2020-06-15 | CVE-2020-0540 | Intel | Insufficiently Protected Credentials vulnerability in Intel Active Management Technology Firmware Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2020-06-15 | CVE-2020-0538 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2020-06-15 | CVE-2020-0536 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2020-06-15 | CVE-2020-0534 | Intel | Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2020-06-19 | CVE-2019-20881 | Mattermost | Improper Restriction of Excessive Authentication Attempts vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 7.3 |
2020-06-19 | CVE-2020-14456 | Mattermost | Origin Validation Error vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 4.4.0. | 7.3 |
2020-06-18 | CVE-2020-4059 | Mversion Project | Unspecified vulnerability in Mversion Project Mversion In mversion before 2.0.0, there is a command injection vulnerability. | 7.3 |
2020-06-17 | CVE-2020-11904 | Treck | Integer Overflow or Wraparound vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | 7.3 |
2020-06-17 | CVE-2020-11902 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. | 7.3 |
2020-06-16 | CVE-2020-4054 | Sanitize Project | Unspecified vulnerability in Sanitize Project Sanitize In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. | 7.3 |
2020-06-19 | CVE-2019-20842 | Mattermost | SQL Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 7.2 |
2020-06-18 | CVE-2020-14421 | Aapanel | Argument Injection or Modification vulnerability in Aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. | 7.2 |
2020-06-18 | CVE-2020-3336 | Cisco | OS Command Injection vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. | 7.2 |
2020-06-18 | CVE-2020-3296 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3295 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3294 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3293 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3292 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3291 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3290 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3289 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3288 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3287 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3286 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3279 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3278 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3277 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3276 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3275 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3274 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 7.2 |
2020-06-18 | CVE-2020-3269 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. | 7.2 |
2020-06-18 | CVE-2020-3268 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. | 7.2 |
2020-06-17 | CVE-2020-14295 | Cacti Fedoraproject | SQL Injection vulnerability in multiple products A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. | 7.2 |
2020-06-17 | CVE-2020-12827 | Mjml | Path Traversal vulnerability in Mjml MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | 7.2 |
2020-06-16 | CVE-2020-7509 | Schneider Electric | Improper Privilege Management vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | 7.2 |
2020-06-16 | CVE-2020-7505 | Schneider Electric | Download of Code Without Integrity Check vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | 7.2 |
2020-06-15 | CVE-2020-14153 | IJG | Out-of-bounds Read vulnerability in IJG Libjpeg In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. | 7.1 |
2020-06-15 | CVE-2020-14152 | IJG Debian | Resource Exhaustion vulnerability in multiple products In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | 7.1 |
2020-06-15 | CVE-2020-0532 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | 7.1 |
2020-06-16 | CVE-2020-13162 | Pulsesecure | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Pulsesecure products A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | 7.0 |
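Two rows in the medium-severity table that follows describe the same bug class: a path traversal when Helm installs plugins from a tar archive (CVE-2020-4053) and a path traversal during zip extraction in EcoStruxure Operator Terminal Expert (CVE-2020-7495). The check a practitioner wants in both cases is the same: resolve every archive entry against the destination directory before anything is written, and reject entries that are absolute, climb out with `..`, or are links whose target lands outside. The block below is an added example written for this report, not code from Helm, Schneider Electric or the Python project; the destination `/opt/helm/plugins`, the plugin name and the archive contents are all constructed for the demonstration.

```python
"""Vet tar members for path traversal before extraction (added example)."""
import io
import os
import posixpath
import tarfile
from typing import Dict, Optional


def resolve_inside(dest: str, member_path: str) -> Optional[str]:
    """Absolute on-disk path for member_path under dest, or None when the entry
    is absolute or climbs out of dest through '..' components.
    Archive names are assumed to use POSIX separators, as tar and zip do."""
    dest = os.path.realpath(dest)
    if posixpath.isabs(member_path):
        return None
    target = os.path.normpath(os.path.join(dest, member_path))
    if os.path.commonpath([dest, target]) != dest:
        return None
    return target


def vet_tar_members(archive: bytes, dest: str) -> Dict[str, str]:
    """Map each member name to 'ok' or a rejection reason.
    A hard link target is relative to the archive root; a symlink target is
    relative to the member's own directory, so it is joined there first."""
    verdicts: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        for m in tar.getmembers():
            if resolve_inside(dest, m.name) is None:
                verdicts[m.name] = "rejected: path escapes destination"
            elif m.isdev():
                verdicts[m.name] = "rejected: device node"
            elif m.issym() or m.islnk():
                if m.islnk():
                    link = m.linkname
                else:
                    link = posixpath.join(posixpath.dirname(m.name), m.linkname)
                if resolve_inside(dest, link) is None:
                    verdicts[m.name] = "rejected: link target escapes destination"
                else:
                    verdicts[m.name] = "ok"
            else:
                verdicts[m.name] = "ok"
    return verdicts


def build_sample_archive() -> bytes:
    """Constructed sample, not a real Helm plugin: one benign file, two
    traversal attempts, and a symlink that points outside the plugin tree."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add_file("demo-plugin/plugin.yaml", b"name: demo\n")
        add_file("../../../root/.bashrc", b"echo pwned\n")
        add_file("/etc/cron.d/backdoor", b"* * * * * root /tmp/x\n")
        link = tarfile.TarInfo("demo-plugin/bin/helm")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../../usr/bin/env"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical install directory; only the vetting runs, nothing is written.
    for name, verdict in vet_tar_members(build_sample_archive(), "/opt/helm/plugins").items():
        print(f"{verdict:45s} {name}")
```

The same `resolve_inside` check applies to `ZipInfo.filename` entries, which covers the zip case. It assumes the destination is empty or trusted when extraction starts; an extractor that follows symlinks already on disk can still be redirected, which is why Python 3.12's `tarfile.extractall(filter="data")` (also backported to 3.8.17, 3.9.17, 3.10.12 and 3.11.4) performs these checks itself and should be preferred where available.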
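The medium-severity table below also lists CVE-2020-14422, where `Lib/ipaddress.py` in Python through 3.8.3 computed hash values for `IPv4Interface` and `IPv6Interface` in a way that lets an attacker force dictionary collisions. The affected releases XORed the address, the prefix length and the network address together; for a bare host address (a /32) the network address equals the address, the two cancel, and every such interface hashes to 32. The fix hashes the three fields as a tuple. The block below is an added example written for this report, not code from the Python project: it reproduces the pre-fix and post-fix formulas as stand-alone functions, times dictionary insertion with each, and probes the running interpreter with the real class. The address range `10.0.0.0/24` is a constructed sample.

```python
"""CVE-2020-14422: IPv4Interface hash collisions, before and after the fix (added example)."""
import ipaddress
import time

PREFIX_LEN = 32  # a bare host address such as "10.0.0.7" parses as a /32 interface


def network_address(ip: int, prefixlen: int) -> int:
    """Network address of an IPv4 host for the given prefix length."""
    mask = (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF
    return ip & mask


def weak_interface_hash(ip: int, prefixlen: int) -> int:
    """Pre-fix formula (Python <= 3.8.3): the three fields are XORed together.
    For a /32 the network address equals the host address, so the two cancel
    and every /32 interface hashes to the prefix length."""
    return ip ^ prefixlen ^ network_address(ip, prefixlen)


def fixed_interface_hash(ip: int, prefixlen: int) -> int:
    """Post-fix formula (Python 3.8.4+): hash the fields as a tuple so equal
    fields no longer cancel and distinct interfaces get distinct hashes."""
    return hash((ip, prefixlen, network_address(ip, prefixlen)))


def distinct_hashes(hash_fn, first_host: str = "10.0.0.0", count: int = 256) -> int:
    """Number of distinct hash values hash_fn yields for `count` consecutive
    /32 interfaces starting at first_host (constructed sample input)."""
    base = int(ipaddress.IPv4Address(first_host))
    return len({hash_fn(base + i, PREFIX_LEN) for i in range(count)})


class _Key:
    """Minimal dict key with a pluggable hash, used to time insertions."""
    __slots__ = ("ip", "hash_fn")

    def __init__(self, ip: int, hash_fn):
        self.ip = ip
        self.hash_fn = hash_fn

    def __hash__(self) -> int:
        return self.hash_fn(self.ip, PREFIX_LEN)

    def __eq__(self, other) -> bool:
        return isinstance(other, _Key) and self.ip == other.ip


def insertion_seconds(hash_fn, count: int) -> float:
    """Wall-clock time to insert `count` keys into a dict. With the weak hash
    every key collides, so each insert compares against all earlier keys and
    the total cost grows quadratically; with the fixed hash it stays linear."""
    start = time.perf_counter()
    table = {}
    for i in range(count):
        table[_Key(i, hash_fn)] = i
    return time.perf_counter() - start


def interpreter_is_affected(count: int = 256) -> bool:
    """Probe the running interpreter with the real class: on affected versions
    all /32 interfaces collapse to a single hash value."""
    hashes = {hash(ipaddress.IPv4Interface(f"10.0.0.{i}")) for i in range(count)}
    return len(hashes) == 1


if __name__ == "__main__":
    print("distinct hashes, weak :", distinct_hashes(weak_interface_hash))
    print("distinct hashes, fixed:", distinct_hashes(fixed_interface_hash))
    print("insert 1000 keys, weak : %.3fs" % insertion_seconds(weak_interface_hash, 1000))
    print("insert 1000 keys, fixed: %.3fs" % insertion_seconds(fixed_interface_hash, 1000))
    print("this interpreter affected:", interpreter_is_affected())
```

The probe is the part worth keeping: any service that builds dictionaries or sets keyed by `IPv4Interface` or `IPv6Interface` objects from attacker-controlled input (an allow-list loaded from a request body, for instance) is exposed on an affected interpreter, and `interpreter_is_affected()` answers that question without relying on the version string.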
211 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-18 | CVE-2020-14434 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-06-18 | CVE-2020-14433 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-06-16 | CVE-2020-4053 | Helm | Unspecified vulnerability in Helm In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. | 6.8 |
2020-06-15 | CVE-2020-9076 | Huawei | Improper Authentication vulnerability in Huawei P30 Firmware, P30 PRO Firmware and Tony-Al00B Firmware HUAWEI P30, HUAWEI P30 Pro, and Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11), 10.1.0.135(C00E135R2P8), and 10.1.0.135 respectively have an improper authentication vulnerability. | 6.8 |
2020-06-15 | CVE-2020-1813 | Huawei | Missing Authentication for Critical Function vulnerability in Huawei P30 Firmware HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. | 6.8 |
2020-06-15 | CVE-2020-8675 | Intel | Unspecified vulnerability in Intel Innovation Engine Firmware Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2020-06-15 | CVE-2020-0566 | Intel | Unspecified vulnerability in Intel Trusted Execution Engine Firmware Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2020-06-18 | CVE-2020-3236 | Cisco | Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. | 6.7 |
2020-06-15 | CVE-2020-0541 | Intel | Out-of-bounds Write vulnerability in Intel Converged Security Management Engine Firmware Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2020-06-15 | CVE-2020-0533 | Intel | Inadequate Encryption Strength vulnerability in Intel Converged Security Management Engine Firmware Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 6.7 |
2020-06-21 | CVE-2020-14958 | Gogs | Improper Preservation of Permissions vulnerability in Gogs 0.11.91 In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | 6.5 |
2020-06-19 | CVE-2016-11078 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 6.5 |
2020-06-19 | CVE-2016-11072 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.2. | 6.5 |
2020-06-19 | CVE-2017-18874 | Mattermost | Path Traversal vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. | 6.5 |
2020-06-19 | CVE-2020-8167 | Rubyonrails Debian | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | 6.5 |
2020-06-19 | CVE-2020-13277 | Gitlab | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5. | 6.5 |
2020-06-19 | CVE-2020-13961 | Strapi | Improper Input Validation vulnerability in Strapi Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. | 6.5 |
2020-06-19 | CVE-2018-21250 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. | 6.5 |
2020-06-19 | CVE-2020-14470 | Octopus | Information Exposure Through Log Files vulnerability in Octopus Deploy In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user could trigger a deployment that leaks the Helm Chart repository password. | 6.5 |
2020-06-19 | CVE-2019-20873 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 6.5 |
2020-06-19 | CVE-2020-14460 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. | 6.5 |
2020-06-19 | CVE-2020-14455 | Mattermost | Improper Authentication vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 4.4.0. | 6.5 |
2020-06-19 | CVE-2019-20844 | Mattermost | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 6.5 |
2020-06-18 | CVE-2020-1835 | Huawei | Unspecified vulnerability in Huawei Mate 30 Firmware HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. | 6.5 |
2020-06-18 | CVE-2020-10782 | Redhat | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.7.0 An exposure of sensitive information flaw was found in Ansible Tower version 3.7.0. | 6.5 |
2020-06-18 | CVE-2020-3241 | Cisco | Path Traversal vulnerability in Cisco UCS Director A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. | 6.5 |
2020-06-17 | CVE-2020-14405 | Libvnc Project Canonical Debian Siemens | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 6.5 |
2020-06-17 | CVE-2020-14401 | Libvncserver Project Debian Opensuse Siemens | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 6.5 |
2020-06-17 | CVE-2020-11905 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | 6.5 |
2020-06-17 | CVE-2020-11903 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip 4.7.1.27/5.0.1.35 The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | 6.5 |
2020-06-16 | CVE-2020-14214 | Zammad | Incorrect Authorization vulnerability in Zammad Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. | 6.5 |
2020-06-16 | CVE-2020-7499 | Schneider Electric | Incorrect Authorization vulnerability in Schneider-Electric products A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | 6.5 |
2020-06-16 | CVE-2020-7492 | Schneider Electric | Weak Password Requirements vulnerability in Schneider-Electric Gp-Pro EX Firmware 1.00/4.08.200/4.09.120 A CWE-521: Weak Password Requirements vulnerability exists in GP-Pro EX V1.00 to V4.09.100 which could allow the password to be observed while the user is entering it, because the input is not masked. | 6.5 |
2020-06-16 | CVE-2020-14199 | Satoshilabs | Improper Verification of Cryptographic Signature vulnerability in Satoshilabs Trezor Model T Firmware and Trezor ONE Firmware BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. | 6.5 |
2020-06-16 | CVE-2020-8544 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows SSRF. | 6.5 |
2020-06-16 | CVE-2020-8541 | Open Xchange | XXE vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3 OX App Suite through 7.10.3 allows XXE attacks. | 6.5 |
2020-06-16 | CVE-2020-4320 | IBM | Improper Certificate Validation vulnerability in IBM MQ IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. | 6.5 |
2020-06-15 | CVE-2020-9075 | Huawei | Improper Input Validation vulnerability in Huawei products Huawei Secospace USG6300 and USG6300E with versions V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, and V600R006C00 have an insufficient input verification vulnerability. | 6.5 |
2020-06-15 | CVE-2020-1825 | Huawei | Improper Input Validation vulnerability in Huawei Fusionaccess 6.5.1 FusionAccess with versions earlier than 6.5.1.SPC002 has a Denial of Service (DoS) vulnerability. | 6.5 |
2020-06-15 | CVE-2018-16848 | Redhat | Resource Exhaustion vulnerability in Redhat Openstack-Mistral A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. | 6.5 |
2020-06-15 | CVE-2020-4477 | IBM | Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. | 6.5 |
2020-06-15 | CVE-2020-4471 | IBM | Missing Authentication for Critical Function vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. | 6.5 |
2020-06-15 | CVE-2020-0531 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 |
2020-06-18 | CVE-2020-3350 | Cisco Fedoraproject Debian Canonical | Race Condition vulnerability in multiple products A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. | 6.3 |
2020-06-17 | CVE-2020-11907 | Treck | Unspecified vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | 6.3 |
2020-06-17 | CVE-2020-11906 | Treck | Integer Underflow (Wrap or Wraparound) vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. | 6.3 |
2020-06-19 | CVE-2020-13262 | Gitlab | Injection vulnerability in Gitlab Client-side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to issue PUT requests on behalf of other users when they click a link. | 6.1 |
2020-06-19 | CVE-2017-18921 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. | 6.1 |
2020-06-19 | CVE-2017-18913 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 6.1 |
2020-06-19 | CVE-2017-18907 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 6.1 |
2020-06-19 | CVE-2016-11084 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.1.0. | 6.1 |
2020-06-19 | CVE-2016-11083 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.2.0. | 6.1 |
2020-06-19 | CVE-2016-11082 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.2.0. | 6.1 |
2020-06-19 | CVE-2016-11079 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 6.1 |
2020-06-19 | CVE-2016-11073 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 6.1 |
2020-06-19 | CVE-2016-11071 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.1.0. | 6.1 |
2020-06-19 | CVE-2016-11063 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.5.1. | 6.1 |
2020-06-19 | CVE-2017-18904 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 6.1 |
2020-06-19 | CVE-2017-18897 | Mattermost | Open Redirect vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. | 6.1 |
2020-06-19 | CVE-2017-18893 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 6.1 |
2020-06-19 | CVE-2017-18892 | Mattermost | Improper Encoding or Escaping of Output vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 6.1 |
2020-06-19 | CVE-2017-18891 | Mattermost | Open Redirect vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 6.1 |
2020-06-19 | CVE-2017-18882 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 6.1 |
2020-06-19 | CVE-2017-18881 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 6.1 |
2020-06-19 | CVE-2017-18880 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 6.1 |
2020-06-19 | CVE-2017-18879 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 6.1 |
2020-06-19 | CVE-2020-14475 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | 6.1 |
2020-06-19 | CVE-2017-18877 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 6.1 |
2020-06-19 | CVE-2020-14454 | Mattermost | Open Redirect vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 4.4.0. | 6.1 |
2020-06-18 | CVE-2020-14446 | Wso2 | Open Redirect vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. | 6.1 |
2020-06-18 | CVE-2020-3356 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2020-06-18 | CVE-2020-3337 | Cisco | Open Redirect vulnerability in Cisco Umbrella A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. | 6.1 |
2020-06-17 | CVE-2020-14408 | Agentejo | Cross-site Scripting vulnerability in Agentejo Cockpit 0.10.2 An issue was discovered in Agentejo Cockpit 0.10.2. | 6.1 |
2020-06-16 | CVE-2020-4052 | Requarks | Unspecified vulnerability in Requarks Wiki.Js In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. | 6.1 |
2020-06-16 | CVE-2020-14210 | Monitorapp | Cross-site Scripting vulnerability in Monitorapp products Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. | 6.1 |
2020-06-16 | CVE-2020-10268 | Kuka | Unspecified vulnerability in Kuka KR C4 Firmware Critical services for operation can be terminated from Windows Task Manager, bringing the manipulator to a halt. | 6.1 |
2020-06-16 | CVE-2020-9522 | Microfocus | Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager Express 7.0.0/7.2/7.2.1 Cross Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. | 6.1 |
2020-06-15 | CVE-2020-13652 | Digdash | Cross-site Scripting vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. | 6.1 |
2020-06-15 | CVE-2020-9426 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange OX Guard 2.10.3 OX Guard 2.10.3 and earlier allows XSS. | 6.1 |
2020-06-15 | CVE-2019-19112 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | 6.1 |
2020-06-15 | CVE-2019-19111 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | 6.1 |
2020-06-21 | CVE-2020-14954 | Mutt Debian Neomutt Fedoraproject Canonical Opensuse | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |
2020-06-18 | CVE-2020-14422 | Opensuse Python Fedoraproject Oracle | Use of Insufficiently Random Values vulnerability in multiple products Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
2020-06-15 | CVE-2020-14093 | Mutt Canonical Debian Opensuse | Cleartext Transmission of Sensitive Information vulnerability in multiple products Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | 5.9 |
2020-06-18 | CVE-2020-3368 | Cisco | Improper Input Validation vulnerability in Cisco Asyncos A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.8 |
2020-06-17 | CVE-2020-7932 | Openmicroscopy | Information Exposure vulnerability in Openmicroscopy Omero.Web OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. | 5.7 |
2020-06-19 | CVE-2020-10750 | Linuxfoundation | Information Exposure Through Log Files vulnerability in Linuxfoundation Jaeger Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. | 5.5 |
2020-06-19 | CVE-2019-20872 | Mattermost | Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.5 |
2020-06-19 | CVE-2019-20860 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. | 5.5 |
2020-06-18 | CVE-2020-3347 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings 39.5.25/39.5.26/40.6.0 A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. | 5.5 |
2020-06-16 | CVE-2020-7495 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | 5.5 |
2020-06-15 | CVE-2020-14150 | GNU | Unspecified vulnerability in GNU Bison GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). | 5.5 |
2020-06-15 | CVE-2020-13999 | Libemf Project Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | 5.5 |
2020-06-15 | CVE-2020-0543 | Intel Opensuse Canonical Fedoraproject Siemens Mcafee | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-06-15 | CVE-2020-0539 | Intel | Path Traversal vulnerability in Intel products Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. | 5.5 |
2020-06-19 | CVE-2016-11070 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.1.0. | 5.4 |
2020-06-19 | CVE-2020-14926 | Cmsmadesimple | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | 5.4 |
2020-06-19 | CVE-2019-20876 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.4 |
2020-06-19 | CVE-2020-4297 | IBM | Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
2020-06-19 | CVE-2020-4295 | IBM | Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
2020-06-19 | CVE-2020-4281 | IBM | Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
2020-06-19 | CVE-2020-14462 | Mitre | Cross-site Scripting vulnerability in Mitre Caldera 2.7.0 CALDERA 2.7.0 allows XSS via the Operation Name box. | 5.4 |
2020-06-18 | CVE-2020-14445 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. | 5.4 |
2020-06-18 | CVE-2020-14444 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. | 5.4 |
2020-06-17 | CVE-2020-14404 | Libvnc Project Canonical Debian Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.4 |
2020-06-17 | CVE-2020-14403 | Libvnc Project Canonical Debian Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.4 |
2020-06-17 | CVE-2020-14402 | Libvnc Project Canonical Debian Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.4 |
2020-06-17 | CVE-2020-11899 | Treck Dell | Out-of-bounds Read vulnerability in multiple products The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 5.4 |
2020-06-16 | CVE-2020-14213 | Zammad | Missing Authorization vulnerability in Zammad In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | 5.4 |
2020-06-16 | CVE-2020-8542 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3 OX App Suite through 7.10.3 allows XSS. | 5.4 |
2020-06-16 | CVE-2020-11838 | Microfocus | Cross-site Scripting vulnerability in Microfocus Arcsight Management Center Cross Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, and 2.9.x prior to 2.9.4. | 5.4 |
2020-06-15 | CVE-2020-4051 | Openjsf Debian Netapp | Cross-site Scripting vulnerability in multiple products In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. | 5.4 |
2020-06-15 | CVE-2020-4406 | IBM | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. | 5.4 |
2020-06-15 | CVE-2020-14146 | Kumbiaphp | Cross-site Scripting vulnerability in Kumbiaphp 1.1.1 KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | 5.4 |
2020-06-19 | CVE-2020-13264 | Gitlab | Information Exposure vulnerability in Gitlab Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token. | 5.3 |
2020-06-19 | CVE-2020-13265 | Gitlab | Insufficient Verification of Data Authenticity vulnerability in Gitlab User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification. | 5.3 |
2020-06-19 | CVE-2017-18919 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. | 5.3 |
2020-06-19 | CVE-2017-18916 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.3 |
2020-06-19 | CVE-2017-18914 | Mattermost | Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.3 |
2020-06-19 | CVE-2017-18905 | Mattermost | Insufficient Session Expiration vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. | 5.3 |
2020-06-19 | CVE-2016-11076 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 5.3 |
2020-06-19 | CVE-2016-11075 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 5.3 |
2020-06-19 | CVE-2016-11068 | Mattermost | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.3 |
2020-06-19 | CVE-2016-11067 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.3 |
2020-06-19 | CVE-2016-11062 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.5.1. | 5.3 |
2020-06-19 | CVE-2020-9495 | Apache | Injection vulnerability in Apache Archiva Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. | 5.3 |
2020-06-19 | CVE-2017-18902 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 5.3 |
2020-06-19 | CVE-2017-18901 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 5.3 |
2020-06-19 | CVE-2017-18899 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.3 |
2020-06-19 | CVE-2017-18898 | Mattermost | Improper Resource Shutdown or Release vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.3 |
2020-06-19 | CVE-2017-18896 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.3 |
2020-06-19 | CVE-2017-18895 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.3 |
2020-06-19 | CVE-2017-18887 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 5.3 |
2020-06-19 | CVE-2017-18873 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 5.3 |
2020-06-19 | CVE-2019-20889 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. | 5.3 |
2020-06-19 | CVE-2019-20884 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 5.3 |
2020-06-19 | CVE-2019-20882 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 5.3 |
2020-06-19 | CVE-2019-20877 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.3 |
2020-06-19 | CVE-2019-20875 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.3 |
2020-06-19 | CVE-2018-21265 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Desktop 3.4.0 An issue was discovered in Mattermost Desktop App before 4.0.0. | 5.3 |
2020-06-19 | CVE-2018-21259 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. | 5.3 |
2020-06-19 | CVE-2018-21257 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 5.3 |
2020-06-19 | CVE-2019-20869 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. | 5.3 |
2020-06-19 | CVE-2019-20867 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.11.0. | 5.3 |
2020-06-19 | CVE-2019-20866 | Mattermost | HTTP Request Smuggling vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.12.0. | 5.3 |
2020-06-19 | CVE-2020-14457 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.20.0. | 5.3 |
2020-06-19 | CVE-2020-14452 | Mattermost | Path Traversal vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.21.0. | 5.3 |
2020-06-19 | CVE-2019-20850 | Mattermost | Incomplete Cleanup vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 5.3 |
2020-06-19 | CVE-2019-20849 | Mattermost | Incomplete Cleanup vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 5.3 |
2020-06-19 | CVE-2019-20847 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0. | 5.3 |
2020-06-18 | CVE-2020-14423 | Convos | Use of Insufficiently Random Values vulnerability in Convos Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. | 5.3 |
2020-06-18 | CVE-2020-3364 | Cisco | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. | 5.3 |
2020-06-18 | CVE-2020-3360 | Cisco | Incorrect Authorization vulnerability in Cisco products A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. | 5.3 |
2020-06-18 | CVE-2020-3245 | Cisco | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. | 5.3 |
2020-06-18 | CVE-2020-3244 | Cisco | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. | 5.3 |
2020-06-17 | CVE-2020-4532 | IBM | Information Exposure Through an Error Message vulnerability in IBM products IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
2020-06-17 | CVE-2019-16245 | Openmicroscopy | Unspecified vulnerability in Openmicroscopy Omero OMERO before 5.6.1 makes the details of each user available to all users. | 5.3 |
2020-06-17 | CVE-2020-11913 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 5.3 |
2020-06-17 | CVE-2020-11912 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | 5.3 |
2020-06-17 | CVE-2020-11911 | Treck | Incorrect Permission Assignment for Critical Resource vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | 5.3 |
2020-06-17 | CVE-2020-11910 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | 5.3 |
2020-06-17 | CVE-2020-11909 | Treck | Integer Underflow (Wrap or Wraparound) vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | 5.3 |
2020-06-16 | CVE-2020-7504 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | 5.3 |
2020-06-15 | CVE-2020-14155 | Pcre Apple Gitlab Oracle Netapp Splunk | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
2020-06-15 | CVE-2020-8674 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.3 |
2020-06-15 | CVE-2020-0535 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.3 |
2020-06-15 | CVE-2020-9427 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange OX Guard 2.10.3 OX Guard 2.10.3 and earlier allows SSRF. | 5.0 |
2020-06-19 | CVE-2017-18918 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. | 4.9 |
2020-06-19 | CVE-2017-18876 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. | 4.9 |
2020-06-19 | CVE-2017-18875 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. | 4.9 |
2020-06-18 | CVE-2020-3242 | Cisco | Information Exposure vulnerability in Cisco UCS Director A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. | 4.9 |
2020-06-17 | CVE-2020-8619 | ISC Fedoraproject Opensuse Debian Canonical Netapp | Improper Resource Shutdown or Release vulnerability in multiple products In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. | 4.9 |
2020-06-17 | CVE-2020-8618 | ISC Opensuse Netapp Canonical | Reachable Assertion vulnerability in multiple products An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | 4.9 |
2020-06-15 | CVE-2020-0537 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. | 4.9 |
2020-06-19 | CVE-2020-14927 | Naviwebs | Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9 Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. | 4.8 |
2020-06-18 | CVE-2020-3355 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
2020-06-18 | CVE-2020-3354 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.8 |
2020-06-15 | CVE-2020-14154 | Mutt Canonical | Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | 4.8 |
2020-06-15 | CVE-2019-19110 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | 4.8 |
2020-06-18 | CVE-2020-3362 | Cisco | Unspecified vulnerability in Cisco Network Services Orchestrator A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. | 4.7 |
2020-06-18 | CVE-2020-1834 | Huawei | Improper Validation of Integrity Check Value vulnerability in Huawei P30 Firmware and P30 PRO Firmware HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. | 4.6 |
2020-06-15 | CVE-2020-0545 | Intel | Integer Overflow or Wraparound vulnerability in Intel products Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2020-06-15 | CVE-2020-0527 | Intel | Unspecified vulnerability in Intel products Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2020-06-19 | CVE-2020-13276 | Gitlab | Missing Authorization vulnerability in Gitlab A user is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1. | 4.3 |
2020-06-19 | CVE-2016-11081 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.2.0. | 4.3 |
2020-06-19 | CVE-2016-11080 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 4.3 |
2020-06-19 | CVE-2016-11065 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.3.0. | 4.3 |
2020-06-19 | CVE-2017-18910 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 4.3 |
2020-06-19 | CVE-2017-18890 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2017-18889 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2017-18878 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2018-21256 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 4.3 |
2020-06-19 | CVE-2018-21252 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. | 4.3 |
2020-06-19 | CVE-2017-18872 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. | 4.3 |
2020-06-19 | CVE-2019-20890 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7. | 4.3 |
2020-06-19 | CVE-2019-20887 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. | 4.3 |
2020-06-19 | CVE-2019-20883 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. | 4.3 |
2020-06-19 | CVE-2019-20879 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. | 4.3 |
2020-06-19 | CVE-2019-20878 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 4.3 |
2020-06-19 | CVE-2018-21261 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. | 4.3 |
2020-06-19 | CVE-2018-21255 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 4.3 |
2020-06-19 | CVE-2018-21254 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 4.3 |
2020-06-19 | CVE-2018-21253 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. | 4.3 |
2020-06-19 | CVE-2017-18870 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. | 4.3 |
2020-06-19 | CVE-2019-20870 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.10.0. | 4.3 |
2020-06-17 | CVE-2020-11914 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | 4.3 |
2020-06-17 | CVE-2020-11908 | Treck | Unspecified vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. | 4.3 |
2020-06-16 | CVE-2020-11841 | Microfocus | Unspecified vulnerability in Microfocus Arcsight Management Center Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. | 4.3 |
2020-06-16 | CVE-2020-11840 | Microfocus | Unspecified vulnerability in Microfocus Arcsight Management Center Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. | 4.3 |
2020-06-18 | CVE-2020-13882 | Cisofy Fedoraproject | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. | 4.2 |
2020-06-18 | CVE-2020-14416 | Linux Opensuse | Use After Free vulnerability in multiple products In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. | 4.2 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-17 | CVE-2020-6752 | Openmicroscopy | Incorrect Authorization vulnerability in Openmicroscopy Omero In OMERO before 5.6.1, group owners can access members' data in other groups. | 3.8 |
2020-06-19 | CVE-2018-21249 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.3.0. | 3.7 |
2020-06-19 | CVE-2020-3972 | Vmware | Unspecified vulnerability in VMWare Tools VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. | 3.3 |
2020-06-18 | CVE-2019-13033 | Cisofy Debian Fedoraproject | Information Exposure vulnerability in multiple products In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. | 3.3 |
2020-06-19 | CVE-2020-13261 | Gitlab | Information Exposure vulnerability in Gitlab Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code. | 2.7 |
2020-06-19 | CVE-2016-11077 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 2.7 |
2020-06-19 | CVE-2018-21260 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. | 2.7 |
2020-06-15 | CVE-2017-18869 | Chownr Project | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Chownr Project Chownr A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. | 2.5 |