Weekly Vulnerabilities Reports > June 15 to 21, 2020

Overview

474 new vulnerabilities reported during this period, including 58 critical vulnerabilities and 197 high severity vulnerabilities. This weekly summary report vulnerabilities in 1066 products from 111 vendors including Mattermost, Cisco, Debian, Intel, and Opensuse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Improper Input Validation", "Incorrect Permission Assignment for Critical Resource", and "Out-of-bounds Read".

  • 400 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 124 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 307 reported vulnerabilities are exploitable by an anonymous user.
  • Mattermost has the most reported vulnerabilities, with 158 reported vulnerabilities.
  • Mattermost has the most reported critical vulnerabilities, with 15 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

58 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-06-17 CVE-2020-11897 Treck Out-of-bounds Write vulnerability in Treck Tcp/Ip 4.7.1.27

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.

10.0
2020-06-17 CVE-2020-11896 Treck Out-of-bounds Write vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.

10.0
2020-06-21 CVE-2020-14942 Tendenci Deserialization of Untrusted Data vulnerability in Tendenci 12.0.10

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

9.8
2020-06-20 CVE-2020-14932 Squirrelmail Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22

compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request.

9.8
2020-06-19 CVE-2020-14931 Dmitry Project Out-of-bounds Write vulnerability in Dmitry Project Dmitry 1.3A

A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.

9.8
2020-06-19 CVE-2017-18920 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.6.2.

9.8
2020-06-19 CVE-2017-18915 Mattermost Incorrect Default Permissions vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

9.8
2020-06-19 CVE-2017-18908 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

9.8
2020-06-19 CVE-2016-11074 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

9.8
2020-06-19 CVE-2016-11064 Mattermost Code Injection vulnerability in Mattermost Desktop

An issue was discovered in Mattermost Desktop App before 3.4.0.

9.8
2020-06-19 CVE-2017-18912 Mattermost Path Traversal vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

9.8
2020-06-19 CVE-2017-18900 Mattermost Injection vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.

9.8
2020-06-19 CVE-2017-18888 Mattermost SQL Injection vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

9.8
2020-06-19 CVE-2017-18885 Mattermost Improper Privilege Management vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

9.8
2020-06-19 CVE-2020-8165 Rubyonrails
Debian
Opensuse
Deserialization of Untrusted Data vulnerability in multiple products

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

9.8
2020-06-19 CVE-2018-21251 Mattermost Missing Authorization vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.2 and 5.1.1.

9.8
2020-06-19 CVE-2019-20856 Mattermost Uncontrolled Search Path Element vulnerability in Mattermost Desktop 3.4.0/4.0.0/4.2.2

An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS.

9.8
2020-06-19 CVE-2019-20853 Mattermost Exposure of Resource to Wrong Sphere vulnerability in Mattermost Packages

An issue was discovered in Mattermost Packages before 5.16.3.

9.8
2020-06-19 CVE-2020-7679 Casperjs Unspecified vulnerability in Casperjs

In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution.

9.8
2020-06-18 CVE-2020-11503 Sophos Out-of-bounds Write vulnerability in Sophos Sfos

A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.

9.8
2020-06-18 CVE-2020-13640 Gvectors SQL Injection vulnerability in Gvectors Wpdiscuz

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request.

9.8
2020-06-18 CVE-2017-9104 GNU
Opensuse
Fedoraproject
Resource Exhaustion vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

9.8
2020-06-18 CVE-2017-9103 GNU
Opensuse
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

9.8
2020-06-18 CVE-2017-9109 GNU
Opensuse
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

9.8
2020-06-18 CVE-2020-3361 Cisco Improper Authentication vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site.

9.8
2020-06-16 CVE-2020-7512 Schneider Electric Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.

9.8
2020-06-16 CVE-2020-7508 Schneider Electric Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.

9.8
2020-06-16 CVE-2020-7500 Schneider Electric SQL Injection vulnerability in Schneider-Electric products

A CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.

9.8
2020-06-16 CVE-2020-7498 Schneider Electric Use of Hard-coded Credentials vulnerability in Schneider-Electric OS Loader and Unity Loader

A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions).

9.8
2020-06-16 CVE-2020-7497 Schneider Electric Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.

9.8
2020-06-16 CVE-2020-9296 Netflix Expression Language Injection vulnerability in Netflix Conductor

Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators.

9.8
2020-06-16 CVE-2020-0235 Google Out-of-bounds Write vulnerability in Google Android

In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr".

9.8
2020-06-16 CVE-2020-0232 Google Use After Free vulnerability in Google Android

Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it.

9.8
2020-06-16 CVE-2020-0223 Google Out-of-bounds Write vulnerability in Google Android

This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450

9.8
2020-06-15 CVE-2020-12019 Advantech Out-of-bounds Write vulnerability in Advantech Webaccess

WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

9.8
2020-06-15 CVE-2020-12001 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

9.8
2020-06-15 CVE-2020-11969 Apache Missing Authentication for Critical Function vulnerability in Apache Tomee

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication.

9.8
2020-06-15 CVE-2020-14034 Meetecho Classic Buffer Overflow vulnerability in Meetecho Janus

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0.

9.8
2020-06-15 CVE-2020-14033 Meetecho Classic Buffer Overflow vulnerability in Meetecho Janus

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0.

9.8
2020-06-15 CVE-2018-21246 Caddyserver Improper Authentication vulnerability in Caddyserver Caddy

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

9.8
2020-06-15 CVE-2020-14054 Sokkia SQL Injection vulnerability in Sokkia Gnr5 Vanguard Firmware 1.2

SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page.

9.8
2020-06-15 CVE-2020-14011 Lansweeper Insecure Default Initialization of Resource vulnerability in Lansweeper

Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked.

9.8
2020-06-15 CVE-2020-4469 IBM OS Command Injection vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system.

9.8
2020-06-15 CVE-2020-4216 IBM Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

9.8
2020-06-15 CVE-2020-0595 Intel Use After Free vulnerability in Intel products

Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2020-06-15 CVE-2020-0594 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2020-06-15 CVE-2020-14080 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

9.8
2020-06-15 CVE-2020-14067 Naviwebs Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9

The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.

9.8
2020-06-19 CVE-2017-18911 Mattermost Improper Certificate Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

9.1
2020-06-19 CVE-2017-18883 Mattermost Insufficient Entropy vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider.

9.1
2020-06-19 CVE-2019-20851 Mattermost Path Traversal vulnerability in Mattermost

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

9.1
2020-06-18 CVE-2020-12886 ARM Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.

9.1
2020-06-18 CVE-2020-12884 ARM Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.

9.1
2020-06-18 CVE-2020-12883 ARM Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3

Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3.

9.1
2020-06-17 CVE-2020-11898 Treck Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.

9.1
2020-06-15 CVE-2020-5754 Webroot Type Confusion vulnerability in Webroot Endpoint Agents

Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.

9.1
2020-06-15 CVE-2018-21245 Apsis HTTP Request Smuggling vulnerability in Apsis Pound

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

9.1
2020-06-17 CVE-2020-11901 Treck Incorrect Calculation of Buffer Size vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.

9.0

197 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-06-21 CVE-2020-14950 Aapanel OS Command Injection vulnerability in Aapanel

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.

8.8
2020-06-20 CVE-2020-14933 Squirrelmail Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22

compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.

8.8
2020-06-19 CVE-2020-13263 Gitlab Incorrect Authorization vulnerability in Gitlab

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.

8.8
2020-06-19 CVE-2020-13272 Gitlab Insufficient Verification of Data Authenticity vulnerability in Gitlab

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow

8.8
2020-06-19 CVE-2019-20891 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce

WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

8.8
2020-06-19 CVE-2017-18903 Mattermost Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

8.8
2020-06-19 CVE-2017-18886 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

8.8
2020-06-19 CVE-2018-21264 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2.

8.8
2020-06-19 CVE-2018-21263 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2.

8.8
2020-06-19 CVE-2019-20865 Mattermost Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10.

8.8
2020-06-19 CVE-2019-20861 Mattermost Unspecified vulnerability in Mattermost Desktop 3.4.0/4.0.0

An issue was discovered in Mattermost Desktop App before 4.2.2.

8.8
2020-06-19 CVE-2019-20841 Mattermost Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

8.8
2020-06-18 CVE-2020-14443 Dolibarr SQL Injection vulnerability in Dolibarr

A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

8.8
2020-06-18 CVE-2020-14442 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14441 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14440 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14439 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14438 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14437 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14436 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14435 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-06-18 CVE-2020-14432 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

8.8
2020-06-18 CVE-2020-14431 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.8
2020-06-18 CVE-2020-14430 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.8
2020-06-18 CVE-2020-14429 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.8
2020-06-18 CVE-2020-14428 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.8
2020-06-18 CVE-2020-14427 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.8
2020-06-18 CVE-2020-14426 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.8
2020-06-18 CVE-2017-9105 GNU
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

8.8
2020-06-18 CVE-2020-3342 Cisco Improper Certificate Validation vulnerability in Cisco Webex Meetings

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.

8.8
2020-06-17 CVE-2020-13224 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow

8.8
2020-06-16 CVE-2020-14212 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 4.3

FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

8.8
2020-06-16 CVE-2020-7503 Schneider Electric Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

8.8
2020-06-16 CVE-2020-7501 Schneider Electric Use of Hard-coded Credentials vulnerability in Schneider-Electric Vijeo Designer

A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.

8.8
2020-06-15 CVE-2020-5742 Plex Unspecified vulnerability in Plex Media Server

Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.

8.8
2020-06-15 CVE-2020-14159 Connectwise SQL Injection vulnerability in Connectwise Automate API

By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx.

8.8
2020-06-15 CVE-2020-14156 Openbmc Project Incorrect Default Permissions vulnerability in Openbmc-Project Openbmc

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.

8.8
2020-06-15 CVE-2019-19109 Gvectors Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5

The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.

8.8
2020-06-15 CVE-2020-14076 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

8.8
2020-06-15 CVE-2020-14081 Trendnet OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.

8.8
2020-06-15 CVE-2020-14079 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

8.8
2020-06-15 CVE-2020-14078 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

8.8
2020-06-15 CVE-2020-14077 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

8.8
2020-06-15 CVE-2020-14075 Trendnet OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.

8.8
2020-06-15 CVE-2020-14074 Trendnet Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.

8.8
2020-06-17 CVE-2020-11900 Treck Double Free vulnerability in Treck Tcp/Ip 4.7.1.27/5.0.1.35/6.0.1.28

The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.

8.2
2020-06-19 CVE-2020-13275 Gitlab Unspecified vulnerability in Gitlab

A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.1

8.1
2020-06-19 CVE-2020-14930 BT Ctroms Terminal Project Insufficiently Protected Credentials vulnerability in BT Ctroms Terminal Project BT Ctroms Terminal

An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464.

8.1
2020-06-19 CVE-2017-18906 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used.

8.1
2020-06-19 CVE-2017-18894 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider.

8.1
2020-06-19 CVE-2017-18884 Mattermost Improper Privilege Management vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

8.1
2020-06-19 CVE-2020-5590 EC Cube Path Traversal vulnerability in Ec-Cube

Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.

8.1
2020-06-17 CVE-2020-14157 Abus Cleartext Transmission of Sensitive Information vulnerability in Abus Secvest Wireless Control Fube50001 Firmware

The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens).

8.1
2020-06-17 CVE-2020-6869 ZTE Unspecified vulnerability in ZTE Ztemarket APK 10.06

All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability.

8.1
2020-06-16 CVE-2020-14195 Fasterxml
Netapp
Debian
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

8.1
2020-06-15 CVE-2020-11999 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

8.1
2020-06-15 CVE-2020-4470 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server.

8.0
2020-06-19 CVE-2020-14019 Rtslib FB Project Incorrect Default Permissions vulnerability in Rtslib-Fb Project Rtslib-Fb

Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.

7.8
2020-06-18 CVE-2020-9225 Huawei Improper Privilege Management vulnerability in Huawei Fusionsphere Openstack 6.5.1

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability.

7.8
2020-06-17 CVE-2020-9332 Fabulatech Unspecified vulnerability in Fabulatech USB for Remote Desktop 20200219/6.1.0.0

ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.

7.8
2020-06-16 CVE-2020-7496 SE Argument Injection or Modification vulnerability in SE Ecostruxure Operator Terminal Expert 3.1

A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.

7.8
2020-06-16 CVE-2020-7494 Schneider Electric Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

7.8
2020-06-16 CVE-2020-7493 Schneider Electric SQL Injection vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1

A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.

7.8
2020-06-16 CVE-2020-0234 Google Out-of-bounds Write vulnerability in Google Android

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2020-06-16 CVE-2019-18614 Cypress Out-of-bounds Write vulnerability in Cypress Cyw20735 Firmware

On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow.

7.8
2020-06-16 CVE-2020-13431 Geti2P Incorrect Permission Assignment for Critical Resource vulnerability in Geti2P I2P

I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.

7.8
2020-06-15 CVE-2020-5358 Dell Incorrect Permission Assignment for Critical Resource vulnerability in Dell Encryption and Endpoint Security Suite Enterprise

Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions.

7.8
2020-06-15 CVE-2020-5755 Webroot Incorrect Permission Assignment for Critical Resource vulnerability in Webroot Endpoint Agents

Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming.

7.8
2020-06-15 CVE-2020-13651 Digdash Inclusion of Functionality from Untrusted Control Sphere vulnerability in Digdash 2018R2/2019R1/2019R2

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430.

7.8
2020-06-15 CVE-2020-3961 Vmware Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Horizon Client

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries.

7.8
2020-06-15 CVE-2020-13150 Dlink Missing Authentication for Critical Function vulnerability in Dlink Dsl-2750U Firmware Me1.03

D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.

7.8
2020-06-15 CVE-2020-0586 Intel Improper Initialization vulnerability in Intel Server Platform Services

Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

7.8
2020-06-15 CVE-2020-0542 Intel Unspecified vulnerability in Intel Converged Security Management Engine Firmware

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.

7.8
2020-06-15 CVE-2020-0529 Intel Improper Initialization vulnerability in Intel products

Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.

7.8
2020-06-15 CVE-2020-0528 Intel Unspecified vulnerability in Intel products

Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.

7.8
2020-06-15 CVE-2020-14147 Redislabs
Oracle
Suse
Debian
Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.

7.7
2020-06-19 CVE-2020-13274 Gitlab Unspecified vulnerability in Gitlab

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1

7.5
2020-06-19 CVE-2020-13273 Gitlab Unspecified vulnerability in Gitlab

A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1

7.5
2020-06-19 CVE-2017-18917 Mattermost Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

7.5
2020-06-19 CVE-2016-11069 Mattermost Weak Password Requirements vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.2.0.

7.5
2020-06-19 CVE-2016-11066 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.2.0.

7.5
2020-06-19 CVE-2015-9548 Mattermost Resource Exhaustion vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 1.2.0.

7.5
2020-06-19 CVE-2020-14929 Alpine Project
Fedoraproject
Debian
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
7.5
2020-06-19 CVE-2017-18909 Mattermost Improper Certificate Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.9.0 when SAML is used.

7.5
2020-06-19 CVE-2020-8184 Rack Project
Debian
Canonical
Improper Input Validation vulnerability in multiple products

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

7.5
2020-06-19 CVE-2020-8164 Rubyonrails
Debian
Opensuse
Deserialization of Untrusted Data vulnerability in multiple products

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

7.5
2020-06-19 CVE-2020-8162 Rubyonrails
Debian
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

7.5
2020-06-19 CVE-2019-20888 Mattermost Memory Leak vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5.

7.5
2020-06-19 CVE-2019-20886 Mattermost Improper Privilege Management vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0.

7.5
2020-06-19 CVE-2019-20885 Mattermost Missing Authorization vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0.

7.5
2020-06-19 CVE-2019-20880 Mattermost Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7.

7.5
2020-06-19 CVE-2018-21262 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.7.3.

7.5
2020-06-19 CVE-2018-21258 Mattermost Injection vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.1.

7.5
2020-06-19 CVE-2018-21248 Mattermost Insufficiently Protected Credentials vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.4.0.

7.5
2020-06-19 CVE-2017-18871 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2.

7.5
2020-06-19 CVE-2019-20874 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

7.5
2020-06-19 CVE-2019-20871 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

7.5
2020-06-19 CVE-2019-20868 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.11.0.

7.5
2020-06-19 CVE-2019-20864 Mattermost Unspecified vulnerability in Mattermost Plugins

An issue was discovered in Mattermost Plugins before 5.13.0.

7.5
2020-06-19 CVE-2019-20863 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.13.0.

7.5
2020-06-19 CVE-2019-20862 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.13.0.

7.5
2020-06-19 CVE-2019-20859 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.15.0.

7.5
2020-06-19 CVE-2019-20858 Mattermost Resource Exhaustion vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.15.0.

7.5
2020-06-19 CVE-2019-20857 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.16.0.

7.5
2020-06-19 CVE-2019-20855 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6.

7.5
2020-06-19 CVE-2019-20854 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.17.0.

7.5
2020-06-19 CVE-2019-20852 Mattermost Information Exposure Through Log Files vulnerability in Mattermost Mobile

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

7.5
2020-06-19 CVE-2020-14459 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.19.0.

7.5
2020-06-19 CVE-2020-14458 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.19.0.

7.5
2020-06-19 CVE-2020-14453 Mattermost Insufficient Verification of Data Authenticity vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.21.0.

7.5
2020-06-19 CVE-2020-14451 Mattermost Incomplete Cleanup vulnerability in Mattermost Mobile 1.26.0

An issue was discovered in Mattermost Mobile Apps before 1.29.0.

7.5
2020-06-19 CVE-2020-14450 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.22.0.

7.5
2020-06-19 CVE-2020-14449 Mattermost Unspecified vulnerability in Mattermost Mobile 1.26.0/1.29.0

An issue was discovered in Mattermost Mobile Apps before 1.30.0.

7.5
2020-06-19 CVE-2020-14448 Mattermost Infinite Loop vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.23.0.

7.5
2020-06-19 CVE-2020-14447 Mattermost Infinite Loop vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.23.0.

7.5
2020-06-19 CVE-2019-20848 Mattermost Improper Input Validation vulnerability in Mattermost Mobile

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

7.5
2020-06-19 CVE-2019-20846 Mattermost Improper Preservation of Permissions vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0.

7.5
2020-06-19 CVE-2019-20845 Mattermost Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0.

7.5
2020-06-19 CVE-2019-20843 Mattermost Improper Preservation of Permissions vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

7.5
2020-06-18 CVE-2020-12887 ARM Memory Leak vulnerability in ARM Mbed-Coap 5.1.5

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5.

7.5
2020-06-18 CVE-2020-12885 ARM Infinite Loop vulnerability in ARM Mbed OS 5.15.3

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3.

7.5
2020-06-18 CVE-2017-9108 GNU
Opensuse
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

7.5
2020-06-18 CVE-2017-9107 GNU
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

7.5
2020-06-18 CVE-2017-9106 GNU
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An issue was discovered in adns before 1.5.2.

7.5
2020-06-18 CVE-2020-3263 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings 33.6.6/39.5.11

A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system.

7.5
2020-06-17 CVE-2020-14040 Golang
Fedoraproject
Infinite Loop vulnerability in multiple products

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.

7.5
2020-06-17 CVE-2020-13637 Heinekingmedia Cleartext Storage of Sensitive Information vulnerability in Heinekingmedia Stashcat

An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms.

7.5
2020-06-17 CVE-2019-9944 Openmicroscopy Unspecified vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0

In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions.

7.5
2020-06-17 CVE-2019-9943 Openmicroscopy Incorrect Default Permissions vulnerability in Openmicroscopy Omero.Server 5.6.0

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.

7.5
2020-06-17 CVE-2020-14400 Libvncserver Project
Debian
Opensuse
Canonical
An issue was discovered in LibVNCServer before 0.9.13.
7.5
2020-06-17 CVE-2020-14399 Libvncserver Project
Debian
Opensuse
Canonical
An issue was discovered in LibVNCServer before 0.9.13.
7.5
2020-06-17 CVE-2020-14398 Libvnc Project
Canonical
Debian
Siemens
Opensuse
Infinite Loop vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

7.5
2020-06-17 CVE-2020-14397 Libvnc Project
Canonical
Debian
Siemens
Opensuse
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

7.5
2020-06-17 CVE-2020-14396 Libvnc Project
Canonical
Debian
Siemens
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

7.5
2020-06-17 CVE-2019-20840 Libvnc Project
Canonical
Debian
Siemens
Opensuse
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

7.5
2020-06-17 CVE-2019-20839 Libvnc Project
Canonical
Debian
Siemens
Opensuse
Classic Buffer Overflow vulnerability in multiple products

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

7.5
2020-06-17 CVE-2018-21247 Libvnc Project
Canonical
Debian
Siemens
Opensuse
Missing Initialization of Resource vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

7.5
2020-06-16 CVE-2020-9289 Fortinet Use of Hard-coded Credentials vulnerability in Fortinet Fortimanager

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.

7.5
2020-06-16 CVE-2019-17655 Fortinet Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.

7.5
2020-06-16 CVE-2020-7513 Schneider Electric Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.

7.5
2020-06-16 CVE-2020-7511 Schneider Electric Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.

7.5
2020-06-16 CVE-2020-7510 Schneider Electric Information Exposure vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.

7.5
2020-06-16 CVE-2020-7507 Schneider Electric Resource Exhaustion vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.

7.5
2020-06-16 CVE-2020-7506 Schneider Electric Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.

7.5
2020-06-16 CVE-2020-7502 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Modicon M218 Firmware 4.3

A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.

7.5
2020-06-16 CVE-2020-8543 Open Xchange Improper Input Validation vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.3 has Improper Input Validation.

7.5
2020-06-16 CVE-2020-4310 IBM Unspecified vulnerability in IBM MQ and Websphere MQ

IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic.

7.5
2020-06-15 CVE-2020-14163 Jerryscript Out-of-bounds Read vulnerability in Jerryscript 2.2.0

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0.

7.5
2020-06-15 CVE-2020-12005 Rockwellautomation Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

7.5
2020-06-15 CVE-2020-12003 Rockwellautomation Path Traversal vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic

FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable.

7.5
2020-06-15 CVE-2020-13650 Digdash Server-Side Request Forgery (SSRF) vulnerability in Digdash 2018R2/2019R1/2019R2

An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210.

7.5
2020-06-15 CVE-2020-14149 Troglobit NULL Pointer Dereference vulnerability in Troglobit Uftpd

In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /..

7.5
2020-06-15 CVE-2020-14148 Barton
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.

7.5
2020-06-15 CVE-2019-20838 Pcre
Apple
Splunk
Out-of-bounds Read vulnerability in multiple products

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

7.5
2020-06-15 CVE-2020-4494 IBM Improper Authentication vulnerability in IBM products

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources.

7.5
2020-06-15 CVE-2020-0597 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2020-06-15 CVE-2020-0596 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5
2020-06-15 CVE-2020-0540 Intel Insufficiently Protected Credentials vulnerability in Intel Active Management Technology Firmware

Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5
2020-06-15 CVE-2020-0538 Intel Improper Input Validation vulnerability in Intel Active Management Technology Firmware

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2020-06-15 CVE-2020-0536 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5
2020-06-15 CVE-2020-0534 Intel Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2020-06-19 CVE-2019-20881 Mattermost Improper Restriction of Excessive Authentication Attempts vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0.

7.3
2020-06-19 CVE-2020-14456 Mattermost Origin Validation Error vulnerability in Mattermost Desktop

An issue was discovered in Mattermost Desktop App before 4.4.0.

7.3
2020-06-18 CVE-2020-4059 Mversion Project Unspecified vulnerability in Mversion Project Mversion

In mversion before 2.0.0, there is a command injection vulnerability.

7.3
2020-06-17 CVE-2020-11904 Treck Integer Overflow or Wraparound vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

7.3
2020-06-17 CVE-2020-11902 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.

7.3
2020-06-16 CVE-2020-4054 Sanitize Project Unspecified vulnerability in Sanitize Project Sanitize

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability.

7.3
2020-06-19 CVE-2019-20842 Mattermost SQL Injection vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

7.2
2020-06-18 CVE-2020-14421 Aapanel Argument Injection or Modification vulnerability in Aapanel

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

7.2
2020-06-18 CVE-2020-3336 Cisco OS Command Injection vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem.

7.2
2020-06-18 CVE-2020-3296 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3295 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3294 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3293 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3292 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3291 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3290 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3289 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3288 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3287 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3286 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device.

7.2
2020-06-18 CVE-2020-3279 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

7.2
2020-06-18 CVE-2020-3278 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

7.2
2020-06-18 CVE-2020-3277 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

7.2
2020-06-18 CVE-2020-3276 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

7.2
2020-06-18 CVE-2020-3275 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

7.2
2020-06-18 CVE-2020-3274 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device.

7.2
2020-06-18 CVE-2020-3269 Cisco Out-of-bounds Write vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands.

7.2
2020-06-18 CVE-2020-3268 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands.

7.2
2020-06-17 CVE-2020-14295 Cacti
Fedoraproject
SQL Injection vulnerability in multiple products

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter.

7.2
2020-06-17 CVE-2020-12827 Mjml Path Traversal vulnerability in Mjml

MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.

7.2
2020-06-16 CVE-2020-7509 Schneider Electric Improper Privilege Management vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.

7.2
2020-06-16 CVE-2020-7505 Schneider Electric Download of Code Without Integrity Check vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.

7.2
2020-06-15 CVE-2020-14153 IJG Out-of-bounds Read vulnerability in IJG Libjpeg

In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.

7.1
2020-06-15 CVE-2020-14152 IJG
Debian
Resource Exhaustion vulnerability in multiple products

In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.

7.1
2020-06-15 CVE-2020-0532 Intel Improper Input Validation vulnerability in Intel Active Management Technology Firmware

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

7.1
2020-06-16 CVE-2020-13162 Pulsesecure Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Pulsesecure products

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.

7.0

211 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-06-18 CVE-2020-14434 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.8
2020-06-18 CVE-2020-14433 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.8
2020-06-16 CVE-2020-4053 Helm Unspecified vulnerability in Helm

In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP.

6.8
2020-06-15 CVE-2020-9076 Huawei Improper Authentication vulnerability in Huawei P30 Firmware, P30 PRO Firmware and Tony-Al00B Firmware

HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability.

6.8
2020-06-15 CVE-2020-1813 Huawei Missing Authentication for Critical Function vulnerability in Huawei P30 Firmware

HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability.

6.8
2020-06-15 CVE-2020-8675 Intel Unspecified vulnerability in Intel Innovation Engine Firmware

Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

6.8
2020-06-15 CVE-2020-0566 Intel Unspecified vulnerability in Intel Trusted Execution Engine Firmware

Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

6.8
2020-06-18 CVE-2020-3236 Cisco Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files.

6.7
2020-06-15 CVE-2020-0541 Intel Out-of-bounds Write vulnerability in Intel Converged Security Management Engine Firmware

Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2020-06-15 CVE-2020-0533 Intel Inadequate Encryption Strength vulnerability in Intel Converged Security Management Engine Firmware

Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.

6.7
2020-06-21 CVE-2020-14958 Gogs Improper Preservation of Permissions vulnerability in Gogs 0.11.91

In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.

6.5
2020-06-19 CVE-2016-11078 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

6.5
2020-06-19 CVE-2016-11072 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.2.

6.5
2020-06-19 CVE-2017-18874 Mattermost Path Traversal vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used.

6.5
2020-06-19 CVE-2020-8167 Rubyonrails
Debian
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

6.5
2020-06-19 CVE-2020-13277 Gitlab Incorrect Authorization vulnerability in Gitlab

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

6.5
2020-06-19 CVE-2020-13961 Strapi Improper Input Validation vulnerability in Strapi

Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation.

6.5
2020-06-19 CVE-2018-21250 Mattermost Resource Exhaustion vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4.

6.5
2020-06-19 CVE-2020-14470 Octopus Information Exposure Through Log Files vulnerability in Octopus Deploy

In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.

6.5
2020-06-19 CVE-2019-20873 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

6.5
2020-06-19 CVE-2020-14460 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8.

6.5
2020-06-19 CVE-2020-14455 Mattermost Improper Authentication vulnerability in Mattermost Desktop

An issue was discovered in Mattermost Desktop App before 4.4.0.

6.5
2020-06-19 CVE-2019-20844 Mattermost Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7.

6.5
2020-06-18 CVE-2020-1835 Huawei Unspecified vulnerability in Huawei Mate 30 Firmware

HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability.

6.5
2020-06-18 CVE-2020-10782 Redhat Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.7.0

An exposure of sensitive information flaw was found in Ansible version 3.7.0.

6.5
2020-06-18 CVE-2020-3241 Cisco Path Traversal vulnerability in Cisco UCS Director

A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device.

6.5
2020-06-17 CVE-2020-14405 Libvnc Project
Canonical
Debian
Siemens
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

6.5
2020-06-17 CVE-2020-14401 Libvncserver Project
Debian
Opensuse
Siemens
Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

6.5
2020-06-17 CVE-2020-11905 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.

6.5
2020-06-17 CVE-2020-11903 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip 4.7.1.27/5.0.1.35

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.

6.5
2020-06-16 CVE-2020-14214 Zammad Incorrect Authorization vulnerability in Zammad

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions.

6.5
2020-06-16 CVE-2020-7499 Schneider Electric Incorrect Authorization vulnerability in Schneider-Electric products

A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.

6.5
2020-06-16 CVE-2020-7492 Schneider Electric Weak Password Requirements vulnerability in Schneider-Electric Gp-Pro EX Firmware 1.00/4.08.200/4.09.120

A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.

6.5
2020-06-16 CVE-2020-14199 Satoshilabs Improper Verification of Cryptographic Signature vulnerability in Satoshilabs Trezor Model T Firmware and Trezor ONE Firmware

BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee.

6.5
2020-06-16 CVE-2020-8544 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite

OX App Suite through 7.10.3 allows SSRF.

6.5
2020-06-16 CVE-2020-8541 Open Xchange XXE vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3

OX App Suite through 7.10.3 allows XXE attacks.

6.5
2020-06-16 CVE-2020-4320 IBM Improper Certificate Validation vulnerability in IBM MQ

IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting.

6.5
2020-06-15 CVE-2020-9075 Huawei Improper Input Validation vulnerability in Huawei products

Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification.

6.5
2020-06-15 CVE-2020-1825 Huawei Improper Input Validation vulnerability in Huawei Fusionaccess 6.5.1

FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability.

6.5
2020-06-15 CVE-2018-16848 Redhat Resource Exhaustion vulnerability in Redhat Openstack-Mistral

A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3.

6.5
2020-06-15 CVE-2020-4477 IBM Information Exposure Through Log Files vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system.

6.5
2020-06-15 CVE-2020-4471 IBM Missing Authentication for Critical Function vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server.

6.5
2020-06-15 CVE-2020-0531 Intel Improper Input Validation vulnerability in Intel Active Management Technology Firmware

Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.

6.5
2020-06-18 CVE-2020-3350 Cisco
Fedoraproject
Debian
Canonical
Race Condition vulnerability in multiple products

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system.

6.3
2020-06-17 CVE-2020-11907 Treck Unspecified vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.

6.3
2020-06-17 CVE-2020-11906 Treck Integer Underflow (Wrap or Wraparound) vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.

6.3
2020-06-19 CVE-2020-13262 Gitlab Injection vulnerability in Gitlab

Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link

6.1
2020-06-19 CVE-2017-18921 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2.

6.1
2020-06-19 CVE-2017-18913 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

6.1
2020-06-19 CVE-2017-18907 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

6.1
2020-06-19 CVE-2016-11084 Mattermost Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 2.1.0.

6.1
2020-06-19 CVE-2016-11083 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 2.2.0.

6.1
2020-06-19 CVE-2016-11082 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 2.2.0.

6.1
2020-06-19 CVE-2016-11079 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

6.1
2020-06-19 CVE-2016-11073 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

6.1
2020-06-19 CVE-2016-11071 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.1.0.

6.1
2020-06-19 CVE-2016-11063 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.5.1.

6.1
2020-06-19 CVE-2017-18904 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2.

6.1
2020-06-19 CVE-2017-18897 Mattermost Open Redirect vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider.

6.1
2020-06-19 CVE-2017-18893 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

6.1
2020-06-19 CVE-2017-18892 Mattermost Improper Encoding or Escaping of Output vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

6.1
2020-06-19 CVE-2017-18891 Mattermost Open Redirect vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

6.1
2020-06-19 CVE-2017-18882 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

6.1
2020-06-19 CVE-2017-18881 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

6.1
2020-06-19 CVE-2017-18880 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

6.1
2020-06-19 CVE-2017-18879 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

6.1
2020-06-19 CVE-2020-14475 Dolibarr Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3

A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).

6.1
2020-06-19 CVE-2017-18877 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

6.1
2020-06-19 CVE-2020-14454 Mattermost Open Redirect vulnerability in Mattermost Desktop

An issue was discovered in Mattermost Desktop App before 4.4.0.

6.1
2020-06-18 CVE-2020-14446 Wso2 Open Redirect vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager

An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0.

6.1
2020-06-18 CVE-2020-3356 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

6.1
2020-06-18 CVE-2020-3337 Cisco Open Redirect vulnerability in Cisco Umbrella

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.

6.1
2020-06-17 CVE-2020-14408 Agentejo Cross-site Scripting vulnerability in Agentejo Cockpit 0.10.2

An issue was discovered in Agentejo Cockpit 0.10.2.

6.1
2020-06-16 CVE-2020-4052 Requarks Unspecified vulnerability in Requarks Wiki.Js

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection.

6.1
2020-06-16 CVE-2020-14210 Monitorapp Cross-site Scripting vulnerability in Monitorapp products

Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information.

6.1
2020-06-16 CVE-2020-10268 Kuka Unspecified vulnerability in Kuka KR C4 Firmware

Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt.

6.1
2020-06-16 CVE-2020-9522 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager Express 7.0.0/7.2/7.2.1

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 .

6.1
2020-06-15 CVE-2020-13652 Digdash Cross-site Scripting vulnerability in Digdash 2018R2/2019R1/2019R2

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507.

6.1
2020-06-15 CVE-2020-9426 Open Xchange Cross-site Scripting vulnerability in Open-Xchange OX Guard 2.10.3

OX Guard 2.10.3 and earlier allows XSS.

6.1
2020-06-15 CVE-2019-19112 Gvectors Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5

The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.

6.1
2020-06-15 CVE-2019-19111 Gvectors Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.

6.1
2020-06-21 CVE-2020-14954 Mutt
Debian
Neomutt
Fedoraproject
Canonical
Opensuse
Injection vulnerability in multiple products

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.

5.9
2020-06-18 CVE-2020-14422 Opensuse
Python
Fedoraproject
Oracle
Use of Insufficiently Random Values vulnerability in multiple products

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.

5.9
2020-06-15 CVE-2020-14093 Mutt
Canonical
Debian
Opensuse
Cleartext Transmission of Sensitive Information vulnerability in multiple products

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.

5.9
2020-06-18 CVE-2020-3368 Cisco Improper Input Validation vulnerability in Cisco Asyncos

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.

5.8
2020-06-17 CVE-2020-7932 Openmicroscopy Information Exposure vulnerability in Openmicroscopy Omero.Web

OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters.

5.7
2020-06-19 CVE-2020-10750 Linuxfoundation Information Exposure Through Log Files vulnerability in Linuxfoundation Jaeger

Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used.

5.5
2020-06-19 CVE-2019-20872 Mattermost Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

5.5
2020-06-19 CVE-2019-20860 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4.

5.5
2020-06-18 CVE-2020-3347 Cisco Information Exposure vulnerability in Cisco Webex Meetings 39.5.25/39.5.26/40.6.0

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system.

5.5
2020-06-16 CVE-2020-7495 Schneider Electric Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.

5.5
2020-06-15 CVE-2020-14150 GNU Unspecified vulnerability in GNU Bison

GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).

5.5
2020-06-15 CVE-2020-13999 Libemf Project
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.

5.5
2020-06-15 CVE-2020-0543 Intel
Opensuse
Canonical
Fedoraproject
Siemens
Mcafee
Incomplete Cleanup vulnerability in multiple products

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2020-06-15 CVE-2020-0539 Intel Path Traversal vulnerability in Intel products

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.

5.5
2020-06-19 CVE-2016-11070 Mattermost Cross-site Scripting vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.1.0.

5.4
2020-06-19 CVE-2020-14926 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14

CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.

5.4
2020-06-19 CVE-2019-20876 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

5.4
2020-06-19 CVE-2020-4297 IBM Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

5.4
2020-06-19 CVE-2020-4295 IBM Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

5.4
2020-06-19 CVE-2020-4281 IBM Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation

IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

5.4
2020-06-19 CVE-2020-14462 Mitre Cross-site Scripting vulnerability in Mitre Caldera 2.7.0

CALDERA 2.7.0 allows XSS via the Operation Name box.

5.4
2020-06-18 CVE-2020-14445 Wso2 Cross-site Scripting vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0.

5.4
2020-06-18 CVE-2020-14444 Wso2 Cross-site Scripting vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0.

5.4
2020-06-17 CVE-2020-14404 Libvnc Project
Canonical
Debian
Siemens
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

5.4
2020-06-17 CVE-2020-14403 Libvnc Project
Canonical
Debian
Siemens
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

5.4
2020-06-17 CVE-2020-14402 Libvnc Project
Canonical
Debian
Siemens
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in LibVNCServer before 0.9.13.

5.4
2020-06-17 CVE-2020-11899 Treck
Dell
Out-of-bounds Read vulnerability in multiple products

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

5.4
2020-06-16 CVE-2020-14213 Zammad Missing Authorization vulnerability in Zammad

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).

5.4
2020-06-16 CVE-2020-8542 Open Xchange Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3

OX App Suite through 7.10.3 allows XSS.

5.4
2020-06-16 CVE-2020-11838 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Management Center

Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4.

5.4
2020-06-15 CVE-2020-4051 Openjsf
Debian
Netapp
In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin.
5.4
2020-06-15 CVE-2020-4406 IBM Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products

IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim.

5.4
2020-06-15 CVE-2020-14146 Kumbiaphp Cross-site Scripting vulnerability in Kumbiaphp 1.1.1

KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.

5.4
2020-06-19 CVE-2020-13264 Gitlab Information Exposure vulnerability in Gitlab

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token

5.3
2020-06-19 CVE-2020-13265 Gitlab Insufficient Verification of Data Authenticity vulnerability in Gitlab

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification

5.3
2020-06-19 CVE-2017-18919 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3.

5.3
2020-06-19 CVE-2017-18916 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

5.3
2020-06-19 CVE-2017-18914 Mattermost Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

5.3
2020-06-19 CVE-2017-18905 Mattermost Insufficient Session Expiration vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.

5.3
2020-06-19 CVE-2016-11076 Mattermost Improper Certificate Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

5.3
2020-06-19 CVE-2016-11075 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

5.3
2020-06-19 CVE-2016-11068 Mattermost Injection vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.2.0.

5.3
2020-06-19 CVE-2016-11067 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.2.0.

5.3
2020-06-19 CVE-2016-11062 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.5.1.

5.3
2020-06-19 CVE-2020-9495 Apache Injection vulnerability in Apache Archiva

Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection.

5.3
2020-06-19 CVE-2017-18902 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.

5.3
2020-06-19 CVE-2017-18901 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3.

5.3
2020-06-19 CVE-2017-18899 Mattermost Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

5.3
2020-06-19 CVE-2017-18898 Mattermost Improper Resource Shutdown or Release vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

5.3
2020-06-19 CVE-2017-18896 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

5.3
2020-06-19 CVE-2017-18895 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5.

5.3
2020-06-19 CVE-2017-18887 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

5.3
2020-06-19 CVE-2017-18873 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

5.3
2020-06-19 CVE-2019-20889 Mattermost Incorrect Default Permissions vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5.

5.3
2020-06-19 CVE-2019-20884 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0.

5.3
2020-06-19 CVE-2019-20882 Mattermost Incorrect Default Permissions vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0.

5.3
2020-06-19 CVE-2019-20877 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

5.3
2020-06-19 CVE-2019-20875 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

5.3
2020-06-19 CVE-2018-21265 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Desktop 3.4.0

An issue was discovered in Mattermost Desktop App before 4.0.0.

5.3
2020-06-19 CVE-2018-21259 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2.

5.3
2020-06-19 CVE-2018-21257 Mattermost Missing Authorization vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.1.

5.3
2020-06-19 CVE-2019-20869 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9.

5.3
2020-06-19 CVE-2019-20867 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.11.0.

5.3
2020-06-19 CVE-2019-20866 Mattermost HTTP Request Smuggling vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.12.0.

5.3
2020-06-19 CVE-2020-14457 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.20.0.

5.3
2020-06-19 CVE-2020-14452 Mattermost Path Traversal vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.21.0.

5.3
2020-06-19 CVE-2019-20850 Mattermost Incomplete Cleanup vulnerability in Mattermost Mobile

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

5.3
2020-06-19 CVE-2019-20849 Mattermost Incomplete Cleanup vulnerability in Mattermost Mobile

An issue was discovered in Mattermost Mobile Apps before 1.26.0.

5.3
2020-06-19 CVE-2019-20847 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.18.0.

5.3
2020-06-18 CVE-2020-14423 Convos Use of Insufficiently Random Values vulnerability in Convos

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm.

5.3
2020-06-18 CVE-2020-3364 Cisco Incorrect Authorization vulnerability in Cisco IOS XR

A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface.

5.3
2020-06-18 CVE-2020-3360 Cisco Incorrect Authorization vulnerability in Cisco products

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device.

5.3
2020-06-18 CVE-2020-3245 Cisco Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem

A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts.

5.3
2020-06-18 CVE-2020-3244 Cisco Improper Input Validation vulnerability in Cisco Staros

A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device.

5.3
2020-06-17 CVE-2020-4532 IBM Information Exposure Through an Error Message vulnerability in IBM products

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.3
2020-06-17 CVE-2019-16245 Openmicroscopy Unspecified vulnerability in Openmicroscopy Omero

OMERO before 5.6.1 makes the details of each user available to all users.

5.3
2020-06-17 CVE-2020-11913 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.

5.3
2020-06-17 CVE-2020-11912 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.

5.3
2020-06-17 CVE-2020-11911 Treck Incorrect Permission Assignment for Critical Resource vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.

5.3
2020-06-17 CVE-2020-11910 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.

5.3
2020-06-17 CVE-2020-11909 Treck Integer Underflow (Wrap or Wraparound) vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.

5.3
2020-06-16 CVE-2020-7504 Schneider Electric Improper Input Validation vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2

A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.

5.3
2020-06-15 CVE-2020-14155 Pcre
Apple
Gitlab
Oracle
Netapp
Splunk
Integer Overflow or Wraparound vulnerability in multiple products

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

5.3
2020-06-15 CVE-2020-8674 Intel Out-of-bounds Read vulnerability in Intel products

Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.

5.3
2020-06-15 CVE-2020-0535 Intel Improper Input Validation vulnerability in Intel Active Management Technology Firmware

Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.

5.3
2020-06-15 CVE-2020-9427 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange OX Guard 2.10.3

OX Guard 2.10.3 and earlier allows SSRF.

5.0
2020-06-19 CVE-2017-18918 Mattermost Improper Certificate Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5.

4.9
2020-06-19 CVE-2017-18876 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used.

4.9
2020-06-19 CVE-2017-18875 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used.

4.9
2020-06-18 CVE-2020-3242 Cisco Information Exposure vulnerability in Cisco UCS Director

A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device.

4.9
2020-06-17 CVE-2020-8619 ISC
Fedoraproject
Opensuse
Debian
Canonical
Netapp
Improper Resource Shutdown or Release vulnerability in multiple products

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered.

4.9
2020-06-17 CVE-2020-8618 ISC
Opensuse
Netapp
Canonical
Reachable Assertion vulnerability in multiple products

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

4.9
2020-06-15 CVE-2020-0537 Intel Improper Input Validation vulnerability in Intel Active Management Technology Firmware

Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.

4.9
2020-06-19 CVE-2020-14927 Naviwebs Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9

Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.

4.8
2020-06-18 CVE-2020-3355 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.8
2020-06-18 CVE-2020-3354 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.8
2020-06-15 CVE-2020-14154 Mutt
Canonical
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
4.8
2020-06-15 CVE-2019-19110 Gvectors Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5

The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.

4.8
2020-06-18 CVE-2020-3362 Cisco Unspecified vulnerability in Cisco Network Services Orchestrator

A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device.

4.7
2020-06-18 CVE-2020-1834 Huawei Improper Validation of Integrity Check Value vulnerability in Huawei P30 Firmware and P30 PRO Firmware

HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability.

4.6
2020-06-15 CVE-2020-0545 Intel Integer Overflow or Wraparound vulnerability in Intel products

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.

4.4
2020-06-15 CVE-2020-0527 Intel Unspecified vulnerability in Intel products

Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.

4.4
2020-06-19 CVE-2020-13276 Gitlab Missing Authorization vulnerability in Gitlab

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1

4.3
2020-06-19 CVE-2016-11081 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 2.2.0.

4.3
2020-06-19 CVE-2016-11080 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

4.3
2020-06-19 CVE-2016-11065 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.3.0.

4.3
2020-06-19 CVE-2017-18910 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7.

4.3
2020-06-19 CVE-2017-18890 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

4.3
2020-06-19 CVE-2017-18889 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

4.3
2020-06-19 CVE-2017-18878 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2.

4.3
2020-06-19 CVE-2018-21256 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.1.

4.3
2020-06-19 CVE-2018-21252 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3.

4.3
2020-06-19 CVE-2017-18872 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3.

4.3
2020-06-19 CVE-2019-20890 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.7.

4.3
2020-06-19 CVE-2019-20887 Mattermost Missing Authorization vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6.

4.3
2020-06-19 CVE-2019-20883 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only.

4.3
2020-06-19 CVE-2019-20879 Mattermost Improper Authentication vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7.

4.3
2020-06-19 CVE-2019-20878 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8.

4.3
2020-06-19 CVE-2018-21261 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3.

4.3
2020-06-19 CVE-2018-21255 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.1.

4.3
2020-06-19 CVE-2018-21254 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.1.

4.3
2020-06-19 CVE-2018-21253 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2.

4.3
2020-06-19 CVE-2017-18870 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4.

4.3
2020-06-19 CVE-2019-20870 Mattermost Improper Input Validation vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.10.0.

4.3
2020-06-17 CVE-2020-11914 Treck Out-of-bounds Read vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.

4.3
2020-06-17 CVE-2020-11908 Treck Unspecified vulnerability in Treck Tcp/Ip

The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.

4.3
2020-06-16 CVE-2020-11841 Microfocus Unspecified vulnerability in Microfocus Arcsight Management Center

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4.

4.3
2020-06-16 CVE-2020-11840 Microfocus Unspecified vulnerability in Microfocus Arcsight Management Center

Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4.

4.3
2020-06-18 CVE-2020-13882 Cisofy
Fedoraproject
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition.

4.2
2020-06-18 CVE-2020-14416 Linux
Opensuse
Use After Free vulnerability in multiple products

In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824.

4.2

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-06-17 CVE-2020-6752 Openmicroscopy Incorrect Authorization vulnerability in Openmicroscopy Omero

In OMERO before 5.6.1, group owners can access members' data in other groups.

3.8
2020-06-19 CVE-2018-21249 Mattermost Unspecified vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 5.3.0.

3.7
2020-06-19 CVE-2020-3972 Vmware Unspecified vulnerability in VMWare Tools

VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation.

3.3
2020-06-18 CVE-2019-13033 Cisofy
Debian
Fedoraproject
Information Exposure vulnerability in multiple products

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed.

3.3
2020-06-19 CVE-2020-13261 Gitlab Information Exposure vulnerability in Gitlab

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code

2.7
2020-06-19 CVE-2016-11077 Mattermost Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 3.0.0.

2.7
2020-06-19 CVE-2018-21260 Mattermost Information Exposure vulnerability in Mattermost Server

An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3.

2.7
2020-06-15 CVE-2017-18869 Chownr Project Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Chownr Project Chownr

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.

2.5