Weekly Vulnerabilities Reports > June 15 to 21, 2020
Overview
475 new vulnerabilities were reported during this period, including 37 critical vulnerabilities and 73 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1069 products from 112 vendors including Mattermost, Cisco, Debian, Intel, and Schneider Electric. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Input Validation", "Out-of-bounds Write", and "Incorrect Permission Assignment for Critical Resource".
- 287 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 129 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 239 reported vulnerabilities are exploitable by an anonymous user.
- Mattermost has the most reported vulnerabilities, with 158 reported vulnerabilities.
- Cisco has the most reported critical vulnerabilities, with 22 reported critical vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
37 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-17 | CVE-2020-11897 | Treck | Out-of-bounds Write vulnerability in Treck Tcp/Ip 4.7.1.27 The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | 10.0 |
2020-06-15 | CVE-2020-4469 | IBM | OS Command Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 10.0 |
2020-06-19 | CVE-2020-7679 | Casperjs | Unspecified vulnerability in Casperjs In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution. | 9.8 |
2020-06-18 | CVE-2020-13640 | Gvectors | SQL Injection vulnerability in Gvectors Wpdiscuz A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. | 9.8 |
2020-06-18 | CVE-2017-9104 | GNU Opensuse Fedoraproject | Resource Exhaustion vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2017-9103 | GNU Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2017-9109 | GNU Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 9.8 |
2020-06-18 | CVE-2020-3361 | Cisco | Improper Authentication vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. | 9.8 |
2020-06-16 | CVE-2020-9296 | Netflix | Expression Language Injection vulnerability in Netflix Conductor Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
2020-06-15 | CVE-2020-11969 | Apache | Missing Authentication for Critical Function vulnerability in Apache Tomee If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. | 9.8 |
2020-06-18 | CVE-2020-3342 | Cisco | Improper Certificate Validation vulnerability in Cisco Webex Meetings A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 9.3 |
2020-06-17 | CVE-2020-11901 | Treck | Improper Input Validation vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | 9.3 |
2020-06-17 | CVE-2020-11896 | Treck | Improper Input Validation vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. | 9.3 |
2020-06-18 | CVE-2020-3336 | Cisco | OS Command Injection vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. | 9.0 |
2020-06-18 | CVE-2020-3296 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3295 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3294 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3293 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3292 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3291 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3290 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3289 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3288 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3287 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3286 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3279 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3278 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3277 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3276 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3275 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3274 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. | 9.0 |
2020-06-18 | CVE-2020-3269 | Cisco | Out-of-bounds Write vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. | 9.0 |
2020-06-18 | CVE-2020-3268 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. | 9.0 |
2020-06-17 | CVE-2020-13224 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow. | 9.0 |
2020-06-16 | CVE-2020-7505 | Schneider Electric | Download of Code Without Integrity Check vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | 9.0 |
2020-06-15 | CVE-2020-14081 | Trendnet | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. | 9.0 |
2020-06-15 | CVE-2020-14075 | Trendnet | OS Command Injection vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. | 9.0 |
73 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-20 | CVE-2020-14933 | Squirrelmail | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. | 8.8 |
2020-06-18 | CVE-2017-9105 | GNU Fedoraproject | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 8.8 |
2020-06-18 | CVE-2020-3241 | Cisco | Path Traversal vulnerability in Cisco UCS Director A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. | 8.5 |
2020-06-19 | CVE-2020-13273 | Gitlab | Resource Exhaustion vulnerability in Gitlab A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.1 | 7.8 |
2020-06-19 | CVE-2020-14019 | Rtslib FB Project | Incorrect Default Permissions vulnerability in Rtslib-Fb Project Rtslib-Fb Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | 7.8 |
2020-06-18 | CVE-2020-12885 | ARM | Infinite Loop vulnerability in ARM Mbed OS 5.15.3 An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 7.8 |
2020-06-15 | CVE-2020-12005 | Rockwellautomation | Unrestricted Upload of File with Dangerous Type vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.8 |
2020-06-18 | CVE-2020-14434 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.7 |
2020-06-18 | CVE-2020-3263 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings 33.6.6/39.5.11 A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. | 7.6 |
2020-06-21 | CVE-2020-14942 | Tendenci | Deserialization of Untrusted Data vulnerability in Tendenci 12.0.10 Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. | 7.5 |
2020-06-20 | CVE-2020-14932 | Squirrelmail | Deserialization of Untrusted Data vulnerability in Squirrelmail 1.4.22 compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. | 7.5 |
2020-06-19 | CVE-2020-14931 | Dmitry Project | Out-of-bounds Write vulnerability in Dmitry Project Dmitry 1.3A A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff. | 7.5 |
2020-06-19 | CVE-2017-18920 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.2. | 7.5 |
2020-06-19 | CVE-2017-18915 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 7.5 |
2020-06-19 | CVE-2017-18908 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 7.5 |
2020-06-19 | CVE-2016-11074 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 7.5 |
2020-06-19 | CVE-2016-11064 | Mattermost | Code Injection vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 3.4.0. | 7.5 |
2020-06-19 | CVE-2020-14929 | Alpine Project Fedoraproject Debian | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | 7.5 |
2020-06-19 | CVE-2017-18912 | Mattermost | Path Traversal vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 7.5 |
2020-06-19 | CVE-2017-18900 | Mattermost | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 7.5 |
2020-06-19 | CVE-2017-18888 | Mattermost | SQL Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 7.5 |
2020-06-19 | CVE-2017-18885 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 7.5 |
2020-06-19 | CVE-2020-8165 | Rubyonrails Debian Opensuse | Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. | 7.5 |
2020-06-19 | CVE-2020-8184 | Rack Project Debian Canonical | Improper Input Validation vulnerability in multiple products A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. | 7.5 |
2020-06-19 | CVE-2019-20881 | Mattermost | Insufficiently Protected Credentials vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 7.5 |
2020-06-19 | CVE-2018-21251 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.2 and 5.1.1. | 7.5 |
2020-06-19 | CVE-2019-20856 | Mattermost | Uncontrolled Search Path Element vulnerability in Mattermost Desktop 3.4.0/4.0.0/4.2.2 An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. | 7.5 |
2020-06-19 | CVE-2019-20853 | Mattermost | Exposure of Resource to Wrong Sphere vulnerability in Mattermost Packages An issue was discovered in Mattermost Packages before 5.16.3. | 7.5 |
2020-06-19 | CVE-2020-14456 | Mattermost | Origin Validation Error vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 4.4.0. | 7.5 |
2020-06-18 | CVE-2020-4059 | Mversion Project | Command Injection vulnerability in Mversion Project Mversion In mversion before 2.0.0, there is a command injection vulnerability. | 7.5 |
2020-06-18 | CVE-2020-11503 | Sophos | Out-of-bounds Write vulnerability in Sophos Sfos 17.0/17.1/17.5 A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. | 7.5 |
2020-06-18 | CVE-2017-9108 | GNU Opensuse Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 7.5 |
2020-06-18 | CVE-2017-9107 | GNU Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 7.5 |
2020-06-18 | CVE-2017-9106 | GNU Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in adns before 1.5.2. | 7.5 |
2020-06-17 | CVE-2020-14040 | Golang Fedoraproject | Infinite Loop vulnerability in multiple products The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. | 7.5 |
2020-06-17 | CVE-2020-14400 | Libvncserver Project Debian Opensuse Canonical | An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2020-14399 | Libvncserver Project Debian Opensuse Canonical | An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2019-20840 | Libvnc Project Canonical Debian Siemens Opensuse | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2019-20839 | Libvnc Project Canonical Debian Siemens Opensuse | Classic Buffer Overflow vulnerability in multiple products libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. | 7.5 |
2020-06-17 | CVE-2018-21247 | Libvnc Project Canonical Debian Siemens Opensuse | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 7.5 |
2020-06-17 | CVE-2020-11904 | Treck | Integer Overflow or Wraparound vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | 7.5 |
2020-06-17 | CVE-2020-11902 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read. | 7.5 |
2020-06-16 | CVE-2020-9289 | Fortinet | Use of Hard-coded Credentials vulnerability in Fortinet Fortimanager Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | 7.5 |
2020-06-16 | CVE-2020-7512 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component. | 7.5 |
2020-06-16 | CVE-2020-7500 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric products A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered. | 7.5 |
2020-06-16 | CVE-2020-7498 | Schneider Electric | Use of Hard-coded Credentials vulnerability in Schneider-Electric OS Loader and Unity Loader A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). | 7.5 |
2020-06-16 | CVE-2020-7497 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause arbitrary application execution when the computer starts. | 7.5 |
2020-06-16 | CVE-2020-0235 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". | 7.5 |
2020-06-16 | CVE-2020-0232 | Google | Use After Free vulnerability in Google Android Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. | 7.5 |
2020-06-16 | CVE-2020-0223 | Google | Improper Privilege Management vulnerability in Google Android This is an unbounded write into kernel global memory, via a user-controlled buffer size. Product: Android. Versions: Android kernel. Android ID: A-135130450 | 7.5 |
2020-06-15 | CVE-2020-12019 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | 7.5 |
2020-06-15 | CVE-2020-12001 | Rockwellautomation | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 7.5 |
2020-06-15 | CVE-2020-14148 | Barton Debian Fedoraproject | Out-of-bounds Read vulnerability in multiple products The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | 7.5 |
2020-06-15 | CVE-2020-14034 | Meetecho | Classic Buffer Overflow vulnerability in Meetecho Janus An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. | 7.5 |
2020-06-15 | CVE-2020-14033 | Meetecho | Classic Buffer Overflow vulnerability in Meetecho Janus An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. | 7.5 |
2020-06-15 | CVE-2019-20838 | Pcre Apple Splunk | Out-of-bounds Read vulnerability in multiple products libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454. | 7.5 |
2020-06-15 | CVE-2018-21246 | Caddyserver | Improper Authentication vulnerability in Caddyserver Caddy Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. | 7.5 |
2020-06-15 | CVE-2020-14054 | Sokkia | SQL Injection vulnerability in Sokkia Gnr5 Vanguard Firmware 1.2 SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page. | 7.5 |
2020-06-15 | CVE-2020-14011 | Lansweeper | Insecure Default Initialization of Resource vulnerability in Lansweeper Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. | 7.5 |
2020-06-15 | CVE-2020-4216 | IBM | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2020-06-15 | CVE-2020-0597 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2020-06-15 | CVE-2020-0595 | Intel | Use After Free vulnerability in Intel products Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.5 |
2020-06-15 | CVE-2020-0594 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.5 |
2020-06-15 | CVE-2020-14080 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 7.5 |
2020-06-15 | CVE-2020-14067 | Naviwebs | Unrestricted Upload of File with Dangerous Type vulnerability in Naviwebs Navigatecms 2.9 The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. | 7.5 |
2020-06-18 | CVE-2020-14421 | Aapanel | Argument Injection or Modification vulnerability in Aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. | 7.2 |
2020-06-18 | CVE-2020-3236 | Cisco | Path Traversal vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. | 7.2 |
2020-06-17 | CVE-2020-14295 | Cacti Fedoraproject | SQL Injection vulnerability in multiple products A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. | 7.2 |
2020-06-16 | CVE-2020-13431 | Geti2P | Incorrect Default Permissions vulnerability in Geti2P I2P I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory. | 7.2 |
2020-06-15 | CVE-2020-5358 | Dell | Incorrect Permission Assignment for Critical Resource vulnerability in Dell Encryption and Endpoint Security Suite Enterprise Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. | 7.2 |
2020-06-15 | CVE-2020-14153 | IJG | Out-of-bounds Read vulnerability in IJG Libjpeg In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. | 7.1 |
2020-06-15 | CVE-2020-14152 | IJG Debian | Resource Exhaustion vulnerability in multiple products In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | 7.1 |
2020-06-16 | CVE-2020-13162 | Pulsesecure | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Pulsesecure products A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges. | 7.0 |
328 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-15 | CVE-2020-5755 | Webroot | Improper Privilege Management vulnerability in Webroot Endpoint Agents Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. | 6.9 |
2020-06-19 | CVE-2019-20891 | Woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | 6.8 |
2020-06-19 | CVE-2019-20865 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. | 6.8 |
2020-06-19 | CVE-2019-20861 | Mattermost | Unspecified vulnerability in Mattermost Desktop 3.4.0/4.0.0 An issue was discovered in Mattermost Desktop App before 4.2.2. | 6.8 |
2020-06-19 | CVE-2019-20841 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 6.8 |
2020-06-18 | CVE-2020-14432 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 6.8 |
2020-06-16 | CVE-2020-4054 | Sanitize Project | Cross-site Scripting vulnerability in Sanitize Project Sanitize In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. | 6.8 |
2020-06-16 | CVE-2020-4053 | Helm | Path Traversal vulnerability in Helm In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. | 6.8 |
2020-06-16 | CVE-2020-14212 | Ffmpeg | Out-of-bounds Write vulnerability in Ffmpeg 4.3 FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. | 6.8 |
2020-06-16 | CVE-2020-7503 | Schneider Electric | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted. | 6.8 |
2020-06-16 | CVE-2020-7496 | SE | Argument Injection or Modification vulnerability in SE Ecostruxure Operator Terminal Expert 3.1 A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access when opening the project file. | 6.8 |
2020-06-16 | CVE-2020-7494 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 6.8 |
2020-06-16 | CVE-2020-7493 | Schneider Electric | SQL Injection vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file. | 6.8 |
2020-06-16 | CVE-2020-14195 | Fasterxml Netapp Debian Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | 6.8 |
2020-06-15 | CVE-2020-5742 | Plex | Exposure of Resource to Wrong Sphere vulnerability in Plex Media Server 1.13.2.5154/1.18.2.2029 Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | 6.8 |
2020-06-15 | CVE-2020-13651 | Digdash | Injection vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. | 6.8 |
2020-06-15 | CVE-2019-19109 | Gvectors | Cross-Site Request Forgery (CSRF) vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF. | 6.8 |
2020-06-21 | CVE-2020-14950 | Aapanel | Improper Input Validation vulnerability in Aapanel aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Software Store. | 6.5 |
2020-06-19 | CVE-2020-13263 | Gitlab | Incorrect Authorization vulnerability in Gitlab An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate a maintainer to perform limited actions. | 6.5 |
2020-06-19 | CVE-2020-13272 | Gitlab | Incorrect Authorization vulnerability in Gitlab OAuth flow missing verification checks in GitLab CE/EE 12.3 and later through 13.0.1 allows an unverified user to use the OAuth authorization code flow. | 6.5 |
2020-06-19 | CVE-2017-18886 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 6.5 |
2020-06-19 | CVE-2018-21264 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. | 6.5 |
2020-06-19 | CVE-2018-21263 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. | 6.5 |
2020-06-19 | CVE-2019-20842 | Mattermost | SQL Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 6.5 |
2020-06-18 | CVE-2020-14443 | Dolibarr | SQL Injection vulnerability in Dolibarr A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | 6.5 |
2020-06-18 | CVE-2020-10782 | Redhat | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Ansible Tower 3.7.0 An exposure of sensitive information flaw was found in Ansible version 3.7.0. | 6.5 |
2020-06-16 | CVE-2020-7509 | Schneider Electric | Improper Privilege Management vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files. | 6.5 |
2020-06-16 | CVE-2020-7501 | Schneider Electric | Use of Hard-coded Credentials vulnerability in Schneider-Electric Vijeo Designer A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer. | 6.5 |
2020-06-15 | CVE-2020-14159 | Connectwise | SQL Injection vulnerability in Connectwise Automate API By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. | 6.5 |
2020-06-15 | CVE-2020-14156 | Openbmc Project | Incorrect Default Permissions vulnerability in Openbmc-Project Openbmc user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions. | 6.5 |
2020-06-15 | CVE-2020-14076 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 6.5 |
2020-06-15 | CVE-2020-14079 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 6.5 |
2020-06-15 | CVE-2020-14078 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 6.5 |
2020-06-15 | CVE-2020-14077 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 6.5 |
2020-06-15 | CVE-2020-14074 | Trendnet | Out-of-bounds Write vulnerability in Trendnet Tew-827Dru Firmware 2.06B04 TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. | 6.5 |
2020-06-19 | CVE-2016-11072 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.2. | 6.4 |
2020-06-19 | CVE-2017-18911 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 6.4 |
2020-06-19 | CVE-2017-18883 | Mattermost | Insufficient Entropy vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. | 6.4 |
2020-06-19 | CVE-2019-20851 | Mattermost | Path Traversal vulnerability in Mattermost An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 6.4 |
2020-06-18 | CVE-2020-12886 | ARM | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 6.4 |
2020-06-18 | CVE-2020-12884 | ARM | Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3 A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 6.4 |
2020-06-18 | CVE-2020-12883 | ARM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM Mbed OS 5.15.3 Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. | 6.4 |
2020-06-17 | CVE-2020-14401 | Libvncserver Project Debian Opensuse Siemens | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 6.4 |
2020-06-17 | CVE-2020-12827 | Mjml | Path Traversal vulnerability in Mjml MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | 6.4 |
2020-06-17 | CVE-2020-11900 | Treck | Double Free vulnerability in Treck Tcp/Ip 4.7.1.27/5.0.1.35/6.0.1.28 The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free. | 6.4 |
2020-06-17 | CVE-2020-11898 | Treck | Information Exposure vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak. | 6.4 |
2020-06-15 | CVE-2020-5754 | Webroot | Type Confusion vulnerability in Webroot Endpoint Agents Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent. | 6.4 |
2020-06-15 | CVE-2018-21245 | Apsis | HTTP Request Smuggling vulnerability in Apsis Pound Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. | 6.4 |
2020-06-15 | CVE-2020-4471 | IBM | Improper Input Validation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by sending a specially crafted HTTP command to the remote server. | 6.4 |
2020-06-18 | CVE-2020-3350 | Cisco Fedoraproject Debian Canonical | Race Condition vulnerability in multiple products A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. | 6.3 |
2020-06-19 | CVE-2020-14475 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 11.0.3 A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). | 6.1 |
2020-06-18 | CVE-2020-14446 | Wso2 | Open Redirect vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. | 6.1 |
2020-06-16 | CVE-2020-14210 | Monitorapp | Cross-site Scripting vulnerability in Monitorapp products Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. | 6.1 |
2020-06-16 | CVE-2020-10268 | Kuka | Unspecified vulnerability in Kuka KR C4 Firmware Critical services for operation can be terminated from Windows Task Manager, bringing the manipulator to a halt. | 6.1 |
2020-06-16 | CVE-2020-9522 | Microfocus | Cross-site Scripting vulnerability in Microfocus Arcsight Enterprise Security Manager Express 7.0.0/7.2/7.2.1 Cross Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. | 6.1 |
2020-06-15 | CVE-2020-4470 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could execute arbitrary code on the vulnerable server. | 6.0 |
2020-06-21 | CVE-2020-14954 | Mutt Debian Neomutt Fedoraproject Canonical Opensuse | Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. | 5.9 |
2020-06-18 | CVE-2020-14422 | Opensuse Python Fedoraproject Oracle | Use of Insufficiently Random Values vulnerability in multiple products Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
2020-06-19 | CVE-2017-18897 | Mattermost | Open Redirect vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. | 5.8 |
2020-06-19 | CVE-2017-18891 | Mattermost | Open Redirect vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.8 |
2020-06-19 | CVE-2020-14454 | Mattermost | Open Redirect vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 4.4.0. | 5.8 |
2020-06-18 | CVE-2020-14442 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14441 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14440 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14439 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14438 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14437 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14436 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14435 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 5.8 |
2020-06-18 | CVE-2020-14429 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 5.8 |
2020-06-18 | CVE-2020-3337 | Cisco | Open Redirect vulnerability in Cisco Umbrella A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. | 5.8 |
2020-06-17 | CVE-2020-11907 | Treck | Unspecified vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. | 5.8 |
2020-06-17 | CVE-2020-11906 | Treck | Integer Underflow (Wrap or Wraparound) vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. | 5.8 |
2020-06-16 | CVE-2020-14214 | Zammad | Missing Authorization vulnerability in Zammad Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. | 5.8 |
2020-06-19 | CVE-2020-13275 | Gitlab | Incorrect Authorization vulnerability in Gitlab A user with an unverified email address could request access to domain-restricted groups in GitLab EE 12.2 and later through 13.0.1. | 5.5 |
2020-06-19 | CVE-2020-10750 | Linuxfoundation | Information Exposure Through Log Files vulnerability in Linuxfoundation Jaeger Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. | 5.5 |
2020-06-19 | CVE-2017-18894 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. | 5.5 |
2020-06-19 | CVE-2017-18884 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 5.5 |
2020-06-19 | CVE-2017-18874 | Mattermost | Path Traversal vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. | 5.5 |
2020-06-19 | CVE-2019-20876 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.5 |
2020-06-19 | CVE-2020-5590 | EC Cube | Path Traversal vulnerability in Ec-Cube Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. | 5.5 |
2020-06-17 | CVE-2020-6869 | ZTE | Information Exposure vulnerability in ZTE Ztemarket APK 10.06 All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. | 5.5 |
2020-06-17 | CVE-2020-6752 | Openmicroscopy | Information Exposure vulnerability in Openmicroscopy Omero In OMERO before 5.6.1, group owners can access members' data in other groups. | 5.5 |
2020-06-17 | CVE-2020-14404 | Libvnc Project Canonical Debian Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.5 |
2020-06-17 | CVE-2020-14403 | Libvnc Project Canonical Debian Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.5 |
2020-06-17 | CVE-2020-14402 | Libvnc Project Canonical Debian Siemens | Out-of-bounds Write vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.5 |
2020-06-16 | CVE-2020-14213 | Zammad | Missing Authorization vulnerability in Zammad In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | 5.5 |
2020-06-15 | CVE-2020-11999 | Rockwellautomation | Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. | 5.5 |
2020-06-15 | CVE-2020-14150 | GNU | Unspecified vulnerability in GNU Bison GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). | 5.5 |
2020-06-15 | CVE-2020-13999 | Libemf Project Fedoraproject | Integer Overflow or Wraparound vulnerability in multiple products ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | 5.5 |
2020-06-15 | CVE-2020-0543 | Intel Opensuse Canonical Fedoraproject Siemens Mcafee | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2020-06-18 | CVE-2020-14445 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. | 5.4 |
2020-06-18 | CVE-2020-14444 | Wso2 | Cross-site Scripting vulnerability in Wso2 Identity Server and Identity Server AS KEY Manager An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. | 5.4 |
2020-06-17 | CVE-2020-11899 | Treck Dell | Out-of-bounds Read vulnerability in multiple products The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 5.4 |
2020-06-16 | CVE-2020-11838 | Microfocus | Cross-site Scripting vulnerability in Microfocus Arcsight Management Center Cross Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, and 2.9.x prior to 2.9.4. | 5.4 |
2020-06-15 | CVE-2020-4051 | Openjsf Debian Netapp | Cross-site Scripting vulnerability in multiple products In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. | 5.4 |
2020-06-19 | CVE-2020-9495 | Apache | Injection vulnerability in Apache Archiva Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. | 5.3 |
2020-06-15 | CVE-2020-14155 | Pcre Apple Gitlab Oracle Netapp Splunk | Integer Overflow or Wraparound vulnerability in multiple products libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. | 5.3 |
2020-06-18 | CVE-2020-14433 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 5.2 |
2020-06-19 | CVE-2017-18903 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 5.1 |
2020-06-19 | CVE-2020-13264 | Gitlab | Information Exposure vulnerability in Gitlab Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view the Kubernetes cluster token. | 5.0 |
2020-06-19 | CVE-2020-13274 | Gitlab | Resource Exhaustion vulnerability in Gitlab A security issue allowed denial of service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1. | 5.0 |
2020-06-19 | CVE-2020-13265 | Gitlab | Insufficient Verification of Data Authenticity vulnerability in Gitlab User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows a user to bypass email verification. | 5.0 |
2020-06-19 | CVE-2017-18919 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. | 5.0 |
2020-06-19 | CVE-2017-18917 | Mattermost | Use of Password Hash With Insufficient Computational Effort vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.0 |
2020-06-19 | CVE-2017-18916 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.0 |
2020-06-19 | CVE-2017-18914 | Mattermost | Improper Check for Unusual or Exceptional Conditions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 5.0 |
2020-06-19 | CVE-2017-18905 | Mattermost | Insufficient Session Expiration vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider: session invalidation was mishandled. | 5.0 |
2020-06-19 | CVE-2016-11076 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 5.0 |
2020-06-19 | CVE-2016-11075 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 5.0 |
2020-06-19 | CVE-2016-11069 | Mattermost | Weak Password Requirements vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.0 |
2020-06-19 | CVE-2016-11068 | Mattermost | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.0 |
2020-06-19 | CVE-2016-11067 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.0 |
2020-06-19 | CVE-2016-11066 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.2.0. | 5.0 |
2020-06-19 | CVE-2016-11062 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.5.1. | 5.0 |
2020-06-19 | CVE-2015-9548 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 1.2.0. | 5.0 |
2020-06-19 | CVE-2017-18902 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 5.0 |
2020-06-19 | CVE-2017-18901 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. | 5.0 |
2020-06-19 | CVE-2017-18899 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.0 |
2020-06-19 | CVE-2017-18898 | Mattermost | Improper Resource Shutdown or Release vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.0 |
2020-06-19 | CVE-2017-18896 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.0 |
2020-06-19 | CVE-2017-18895 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 5.0 |
2020-06-19 | CVE-2017-18887 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 5.0 |
2020-06-19 | CVE-2017-18873 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 5.0 |
2020-06-19 | CVE-2020-8164 | Rubyonrails Debian Opensuse | Deserialization of Untrusted Data vulnerability in multiple products A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3 and rails < 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters. | 5.0 |
2020-06-19 | CVE-2020-8162 | Rubyonrails Debian | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products A client-side enforcement of server-side security vulnerability exists in the ActiveStorage S3 adapter in rails < 5.2.4.2 and rails < 6.0.3.1 that allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits. | 5.0 |
2020-06-19 | CVE-2019-20889 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. | 5.0 |
2020-06-19 | CVE-2019-20888 | Mattermost | Memory Leak vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. | 5.0 |
2020-06-19 | CVE-2019-20886 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 5.0 |
2020-06-19 | CVE-2019-20885 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 5.0 |
2020-06-19 | CVE-2019-20884 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 5.0 |
2020-06-19 | CVE-2019-20882 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0. | 5.0 |
2020-06-19 | CVE-2019-20880 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. | 5.0 |
2020-06-19 | CVE-2019-20877 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.0 |
2020-06-19 | CVE-2019-20875 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.0 |
2020-06-19 | CVE-2018-21265 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Desktop 3.4.0 An issue was discovered in Mattermost Desktop App before 4.0.0. | 5.0 |
2020-06-19 | CVE-2018-21262 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.7.3. | 5.0 |
2020-06-19 | CVE-2018-21259 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. | 5.0 |
2020-06-19 | CVE-2018-21258 | Mattermost | Injection vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 5.0 |
2020-06-19 | CVE-2018-21257 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 5.0 |
2020-06-19 | CVE-2018-21248 | Mattermost | Insufficiently Protected Credentials vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.4.0. | 5.0 |
2020-06-19 | CVE-2017-18871 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. | 5.0 |
2020-06-19 | CVE-2019-20874 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.0 |
2020-06-19 | CVE-2019-20871 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.0 |
2020-06-19 | CVE-2019-20869 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. | 5.0 |
2020-06-19 | CVE-2019-20868 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.11.0. | 5.0 |
2020-06-19 | CVE-2019-20867 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.11.0. | 5.0 |
2020-06-19 | CVE-2019-20866 | Mattermost | HTTP Request Smuggling vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.12.0. | 5.0 |
2020-06-19 | CVE-2019-20864 | Mattermost | Incorrect Authorization vulnerability in Mattermost Plugins An issue was discovered in Mattermost Plugins before 5.13.0. | 5.0 |
2020-06-19 | CVE-2019-20863 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.13.0. | 5.0 |
2020-06-19 | CVE-2019-20862 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.13.0. | 5.0 |
2020-06-19 | CVE-2019-20859 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.15.0. | 5.0 |
2020-06-19 | CVE-2019-20858 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.15.0. | 5.0 |
2020-06-19 | CVE-2019-20857 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.16.0. | 5.0 |
2020-06-19 | CVE-2019-20855 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. | 5.0 |
2020-06-19 | CVE-2019-20854 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.17.0. | 5.0 |
2020-06-19 | CVE-2019-20852 | Mattermost | Information Exposure vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 5.0 |
2020-06-19 | CVE-2020-14459 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.19.0. | 5.0 |
2020-06-19 | CVE-2020-14458 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.19.0. | 5.0 |
2020-06-19 | CVE-2020-14457 | Mattermost | Missing Authorization vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.20.0. | 5.0 |
2020-06-19 | CVE-2020-14453 | Mattermost | Insufficient Verification of Data Authenticity vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.21.0. | 5.0 |
2020-06-19 | CVE-2020-14452 | Mattermost | Path Traversal vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.21.0. | 5.0 |
2020-06-19 | CVE-2020-14451 | Mattermost | Information Exposure vulnerability in Mattermost Mobile 1.26.0 An issue was discovered in Mattermost Mobile Apps before 1.29.0. | 5.0 |
2020-06-19 | CVE-2020-14450 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.22.0. | 5.0 |
2020-06-19 | CVE-2020-14448 | Mattermost | Infinite Loop vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.23.0. | 5.0 |
2020-06-19 | CVE-2020-14447 | Mattermost | Infinite Loop vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.23.0. | 5.0 |
2020-06-19 | CVE-2019-20850 | Mattermost | Information Exposure vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 5.0 |
2020-06-19 | CVE-2019-20849 | Mattermost | Information Exposure vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 5.0 |
2020-06-19 | CVE-2019-20848 | Mattermost | Improper Input Validation vulnerability in Mattermost Mobile An issue was discovered in Mattermost Mobile Apps before 1.26.0. | 5.0 |
2020-06-19 | CVE-2019-20847 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0. | 5.0 |
2020-06-19 | CVE-2019-20846 | Mattermost | Improper Preservation of Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0. | 5.0 |
2020-06-19 | CVE-2019-20845 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0. | 5.0 |
2020-06-19 | CVE-2019-20843 | Mattermost | Improper Preservation of Permissions vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 5.0 |
2020-06-18 | CVE-2020-12887 | ARM | Memory Leak vulnerability in ARM Mbed-Coap 5.1.5 Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. | 5.0 |
2020-06-18 | CVE-2020-14423 | Convos | Use of Insufficiently Random Values vulnerability in Convos Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. | 5.0 |
2020-06-18 | CVE-2020-3368 | Cisco | Improper Input Validation vulnerability in Cisco Asyncos A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. | 5.0 |
2020-06-18 | CVE-2020-3364 | Cisco | Incorrect Authorization vulnerability in Cisco IOS XR A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. | 5.0 |
2020-06-18 | CVE-2020-3360 | Cisco | Incorrect Authorization vulnerability in Cisco products A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. | 5.0 |
2020-06-18 | CVE-2020-3245 | Cisco | Missing Authorization vulnerability in Cisco Smart Software Manager On-Prem 7201910/7202001 A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. | 5.0 |
2020-06-18 | CVE-2020-3244 | Cisco | Improper Input Validation vulnerability in Cisco Staros A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. | 5.0 |
2020-06-17 | CVE-2020-4532 | IBM | Information Exposure vulnerability in IBM products IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
2020-06-17 | CVE-2020-13637 | Heinekingmedia | Cleartext Storage of Sensitive Information vulnerability in Heinekingmedia Stashcat An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. | 5.0 |
2020-06-17 | CVE-2019-9944 | Openmicroscopy | Information Exposure vulnerability in Openmicroscopy Omero.Server 5.0.0/5.6.0 In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. | 5.0 |
2020-06-17 | CVE-2019-9943 | Openmicroscopy | Incorrect Default Permissions vulnerability in Openmicroscopy Omero.Server 5.6.0 In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. | 5.0 |
2020-06-17 | CVE-2019-16245 | Openmicroscopy | Information Exposure vulnerability in Openmicroscopy Omero OMERO before 5.6.1 makes the details of each user available to all users. | 5.0 |
2020-06-17 | CVE-2020-14398 | Libvnc Project Canonical Debian Siemens Opensuse | Infinite Loop vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.0 |
2020-06-17 | CVE-2020-14397 | Libvnc Project Canonical Debian Siemens Opensuse | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.0 |
2020-06-17 | CVE-2020-14396 | Libvnc Project Canonical Debian Siemens | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 5.0 |
2020-06-17 | CVE-2020-11913 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | 5.0 |
2020-06-17 | CVE-2020-11911 | Treck | Missing Authorization vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. | 5.0 |
2020-06-17 | CVE-2020-11910 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. | 5.0 |
2020-06-17 | CVE-2020-11909 | Treck | Integer Underflow (Wrap or Wraparound) vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. | 5.0 |
2020-06-16 | CVE-2019-17655 | Fortinet | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system. | 5.0 |
2020-06-16 | CVE-2020-7513 | Schneider Electric | Cleartext Storage of Sensitive Information vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data. | 5.0 |
2020-06-16 | CVE-2020-7511 | Schneider Electric | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force. | 5.0 |
2020-06-16 | CVE-2020-7510 | Schneider Electric | Information Exposure vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to obtain private keys. | 5.0 |
2020-06-16 | CVE-2020-7508 | Schneider Electric | Improper Restriction of Excessive Authentication Attempts vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | 5.0 |
2020-06-16 | CVE-2020-7507 | Schneider Electric | Resource Exhaustion vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | 5.0 |
2020-06-16 | CVE-2020-7506 | Schneider Electric | Information Exposure vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure. | 5.0 |
2020-06-16 | CVE-2020-7504 | Schneider Electric | Improper Input Validation vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2 A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | 5.0 |
2020-06-16 | CVE-2020-7502 | Schneider Electric | Out-of-bounds Write vulnerability in Schneider-Electric Modicon M218 Firmware 4.3 A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. | 5.0 |
2020-06-16 | CVE-2020-8543 | Open Xchange | Resource Exhaustion vulnerability in Open-Xchange Appsuite 7.10.1/7.8.4 OX App Suite through 7.10.3 has Improper Input Validation. | 5.0 |
2020-06-16 | CVE-2020-4310 | IBM | Unspecified vulnerability in IBM MQ and Websphere MQ IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. | 5.0 |
2020-06-16 | CVE-2020-12494 | Beckhoff | Incomplete Cleanup vulnerability in Beckhoff Twincat and Twincat Driver Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. | 5.0 |
2020-06-15 | CVE-2020-14163 | Jerryscript | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 2.2.0 An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. | 5.0 |
2020-06-15 | CVE-2020-12003 | Rockwellautomation | Path Traversal vulnerability in Rockwellautomation Factorytalk Linx and Rslinx Classic FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior is vulnerable. | 5.0 |
2020-06-15 | CVE-2020-13650 | Digdash | Server-Side Request Forgery (SSRF) vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. | 5.0 |
2020-06-15 | CVE-2020-14149 | Troglobit | NULL Pointer Dereference vulnerability in Troglobit Uftpd In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. | 5.0 |
2020-06-15 | CVE-2020-8674 | Intel | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2020-06-15 | CVE-2020-4494 | IBM | Information Exposure vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. | 5.0 |
2020-06-15 | CVE-2020-0596 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2020-06-15 | CVE-2020-0540 | Intel | Insufficiently Protected Credentials vulnerability in Intel Active Management Technology Firmware Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2020-06-15 | CVE-2020-0538 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. | 5.0 |
2020-06-15 | CVE-2020-0536 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2020-06-15 | CVE-2020-0535 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
2020-06-15 | CVE-2020-0534 | Intel | Improper Input Validation vulnerability in Intel Converged Security Management Engine Firmware Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. | 5.0 |
2020-06-19 | CVE-2017-18906 | Mattermost | Improper Authentication vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. | 4.9 |
2020-06-17 | CVE-2020-8619 | ISC Fedoraproject Opensuse Debian Canonical Netapp | Improper Resource Shutdown or Release vulnerability in multiple products In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. | 4.9 |
2020-06-17 | CVE-2020-8618 | ISC Opensuse Netapp Canonical | Reachable Assertion vulnerability in multiple products An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | 4.9 |
2020-06-17 | CVE-2020-14157 | Abus | Information Exposure vulnerability in Abus Secvest Wireless Control Fube50001 Firmware The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). | 4.8 |
2020-06-15 | CVE-2020-14154 | Mutt Canonical | Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | 4.8 |
2020-06-15 | CVE-2020-0532 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | 4.8 |
2020-06-18 | CVE-2020-14416 | Linux Opensuse | Use After Free vulnerability in multiple products In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. | 4.7 |
2020-06-18 | CVE-2020-3362 | Cisco | Unspecified vulnerability in Cisco Network Services Orchestrator A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. | 4.7 |
2020-06-18 | CVE-2020-9225 | Huawei | Improper Privilege Management vulnerability in Huawei Fusionsphere Openstack 6.5.1 FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. | 4.6 |
2020-06-17 | CVE-2020-9332 | Fabulatech | Improper Privilege Management vulnerability in Fabulatech USB for Remote Desktop 20200219 ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. | 4.6 |
2020-06-16 | CVE-2020-0234 | Google | Out-of-bounds Write vulnerability in Google Android In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. | 4.6 |
2020-06-16 | CVE-2019-18614 | Cypress | Out-of-bounds Write vulnerability in Cypress Cyw20735 Firmware On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. | 4.6 |
2020-06-15 | CVE-2020-3961 | Vmware | Improper Privilege Management vulnerability in VMWare Horizon Client VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. | 4.6 |
2020-06-15 | CVE-2020-13150 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2750U Firmware Me1.03 D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | 4.6 |
2020-06-15 | CVE-2020-1813 | Huawei | Improper Authentication vulnerability in Huawei P30 Firmware HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) has an improper authentication vulnerability. | 4.6 |
2020-06-15 | CVE-2020-8675 | Intel | Improper Privilege Management vulnerability in Intel Innovation Engine Firmware Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 4.6 |
2020-06-15 | CVE-2020-0586 | Intel | Improper Initialization vulnerability in Intel Server Platform Services Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-06-15 | CVE-2020-0566 | Intel | Improper Privilege Management vulnerability in Intel Trusted Execution Engine Firmware Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 4.6 |
2020-06-15 | CVE-2020-0542 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Converged Security Management Engine Firmware Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | 4.6 |
2020-06-15 | CVE-2020-0541 | Intel | Out-of-bounds Write vulnerability in Intel Converged Security Management Engine Firmware Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. | 4.6 |
2020-06-15 | CVE-2020-0533 | Intel | Use of Password Hash With Insufficient Computational Effort vulnerability in Intel Converged Security Management Engine Firmware Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access. | 4.6 |
2020-06-15 | CVE-2020-0529 | Intel | Improper Initialization vulnerability in Intel products Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. | 4.6 |
2020-06-15 | CVE-2020-0528 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | 4.6 |
2020-06-19 | CVE-2020-13262 | Gitlab | Cross-site Scripting vulnerability in Gitlab Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to issue PUT requests on behalf of other users when they click on a link. | 4.3 |
2020-06-19 | CVE-2020-14930 | BT Ctroms Terminal Project | Improper Authentication vulnerability in BT Ctroms Terminal Project BT Ctroms Terminal An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. | 4.3 |
2020-06-19 | CVE-2017-18921 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. | 4.3 |
2020-06-19 | CVE-2017-18913 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 4.3 |
2020-06-19 | CVE-2017-18907 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 4.3 |
2020-06-19 | CVE-2016-11084 | Mattermost | Cross-Site Request Forgery (CSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.1.0. | 4.3 |
2020-06-19 | CVE-2016-11083 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.2.0. | 4.3 |
2020-06-19 | CVE-2016-11082 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.2.0. | 4.3 |
2020-06-19 | CVE-2016-11079 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 4.3 |
2020-06-19 | CVE-2016-11073 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 4.3 |
2020-06-19 | CVE-2016-11071 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.1.0. | 4.3 |
2020-06-19 | CVE-2016-11063 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.5.1. | 4.3 |
2020-06-19 | CVE-2017-18909 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. | 4.3 |
2020-06-19 | CVE-2017-18904 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. | 4.3 |
2020-06-19 | CVE-2017-18893 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 4.3 |
2020-06-19 | CVE-2017-18892 | Mattermost | Improper Encoding or Escaping of Output vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. | 4.3 |
2020-06-19 | CVE-2017-18890 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2017-18882 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2017-18881 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2017-18880 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2017-18879 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2020-8167 | Rubyonrails Debian | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | 4.3 |
2020-06-19 | CVE-2018-21250 | Mattermost | Resource Exhaustion vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. | 4.3 |
2020-06-19 | CVE-2018-21249 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.3.0. | 4.3 |
2020-06-19 | CVE-2017-18877 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.3 |
2020-06-19 | CVE-2019-20860 | Mattermost | Unspecified vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. | 4.3 |
2020-06-19 | CVE-2020-14455 | Mattermost | Improper Authentication vulnerability in Mattermost Desktop An issue was discovered in Mattermost Desktop App before 4.4.0. | 4.3 |
2020-06-19 | CVE-2020-14449 | Mattermost | Information Exposure vulnerability in Mattermost Mobile 1.26.0/1.29.0 An issue was discovered in Mattermost Mobile Apps before 1.30.0. | 4.3 |
2020-06-19 | CVE-2019-20844 | Mattermost | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. | 4.3 |
2020-06-18 | CVE-2020-3356 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 4.3 |
2020-06-17 | CVE-2020-14408 | Agentejo | Cross-site Scripting vulnerability in Agentejo Cockpit 0.10.2 An issue was discovered in Agentejo Cockpit 0.10.2. | 4.3 |
2020-06-16 | CVE-2020-4052 | Requarks | Cross-site Scripting vulnerability in Requarks Wiki.Js In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. | 4.3 |
2020-06-16 | CVE-2020-7495 | Schneider Electric | Path Traversal vulnerability in Schneider-Electric Ecostruxure Operator Terminal Expert 3.0/3.1 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | 4.3 |
2020-06-16 | CVE-2020-7492 | Schneider Electric | Weak Password Requirements vulnerability in Schneider-Electric Gp-Pro EX Firmware 1.00/4.08.200/4.09.120 A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password while the user is entering it, because the password field is not masked. | 4.3 |
2020-06-16 | CVE-2020-14199 | Satoshilabs | Improper Verification of Cryptographic Signature vulnerability in Satoshilabs Trezor Model T Firmware and Trezor ONE Firmware BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. | 4.3 |
2020-06-16 | CVE-2020-11841 | Microfocus | Unspecified vulnerability in Microfocus Arcsight Management Center Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. | 4.3 |
2020-06-16 | CVE-2020-11840 | Microfocus | Unspecified vulnerability in Microfocus Arcsight Management Center Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. | 4.3 |
2020-06-15 | CVE-2020-13652 | Digdash | Cross-site Scripting vulnerability in Digdash 2018R2/2019R1/2019R2 An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. | 4.3 |
2020-06-15 | CVE-2020-9426 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange OX Guard 2.10.3 OX Guard 2.10.3 and earlier allows XSS. | 4.3 |
2020-06-15 | CVE-2019-19112 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php. | 4.3 |
2020-06-15 | CVE-2019-19111 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter. | 4.3 |
2020-06-15 | CVE-2020-14093 | Mutt Canonical Debian Opensuse | Cleartext Transmission of Sensitive Information vulnerability in multiple products Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. | 4.3 |
2020-06-18 | CVE-2020-13882 | Cisofy Fedoraproject | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. | 4.2 |
2020-06-21 | CVE-2020-14958 | Gogs | Improper Preservation of Permissions vulnerability in Gogs 0.11.91 In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | 4.0 |
2020-06-19 | CVE-2020-13261 | Gitlab | Insufficiently Protected Credentials vulnerability in Gitlab Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code | 4.0 |
2020-06-19 | CVE-2020-13276 | Gitlab | Incorrect Authorization vulnerability in Gitlab User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | 4.0 |
2020-06-19 | CVE-2017-18918 | Mattermost | Improper Certificate Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. | 4.0 |
2020-06-19 | CVE-2016-11081 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 2.2.0. | 4.0 |
2020-06-19 | CVE-2016-11080 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 4.0 |
2020-06-19 | CVE-2016-11078 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 4.0 |
2020-06-19 | CVE-2016-11077 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.0.0. | 4.0 |
2020-06-19 | CVE-2016-11065 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.3.0. | 4.0 |
2020-06-19 | CVE-2017-18910 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. | 4.0 |
2020-06-19 | CVE-2017-18889 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.0 |
2020-06-19 | CVE-2017-18878 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. | 4.0 |
2020-06-19 | CVE-2020-13277 | Gitlab | Incorrect Authorization vulnerability in Gitlab An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | 4.0 |
2020-06-19 | CVE-2018-21256 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 4.0 |
2020-06-19 | CVE-2018-21252 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. | 4.0 |
2020-06-19 | CVE-2020-13961 | Strapi | Improper Input Validation vulnerability in Strapi Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. | 4.0 |
2020-06-19 | CVE-2019-20890 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7. | 4.0 |
2020-06-19 | CVE-2019-20887 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. | 4.0 |
2020-06-19 | CVE-2019-20879 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. | 4.0 |
2020-06-19 | CVE-2019-20878 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 4.0 |
2020-06-19 | CVE-2018-21261 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. | 4.0 |
2020-06-19 | CVE-2018-21260 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. | 4.0 |
2020-06-19 | CVE-2018-21255 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 4.0 |
2020-06-19 | CVE-2018-21254 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1. | 4.0 |
2020-06-19 | CVE-2018-21253 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. | 4.0 |
2020-06-19 | CVE-2017-18876 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. | 4.0 |
2020-06-19 | CVE-2017-18875 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. | 4.0 |
2020-06-19 | CVE-2020-14470 | Octopus | Insufficiently Protected Credentials vulnerability in Octopus Deploy In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user could trigger a deployment that leaks the Helm Chart repository password. | 4.0 |
2020-06-19 | CVE-2019-20873 | Mattermost | Information Exposure vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 4.0 |
2020-06-19 | CVE-2019-20870 | Mattermost | Improper Input Validation vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.10.0. | 4.0 |
2020-06-19 | CVE-2020-14460 | Mattermost | Improper Privilege Management vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. | 4.0 |
2020-06-18 | CVE-2020-3242 | Cisco | Information Exposure vulnerability in Cisco UCS Director A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. | 4.0 |
2020-06-17 | CVE-2020-14405 | Libvnc Project Canonical Debian Siemens | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in LibVNCServer before 0.9.13. | 4.0 |
2020-06-16 | CVE-2020-7499 | Schneider Electric | Incorrect Authorization vulnerability in Schneider-Electric products A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes. | 4.0 |
2020-06-16 | CVE-2020-8544 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.8.4 OX App Suite through 7.10.3 allows SSRF. | 4.0 |
2020-06-16 | CVE-2020-8541 | Open Xchange | XXE vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3 OX App Suite through 7.10.3 allows XXE attacks. | 4.0 |
2020-06-16 | CVE-2020-4320 | IBM | Improper Certificate Validation vulnerability in IBM MQ IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. | 4.0 |
2020-06-15 | CVE-2020-14147 | Redislabs Oracle Suse Debian | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 4.0 |
2020-06-15 | CVE-2020-9076 | Huawei | Improper Authentication vulnerability in Huawei P30 Firmware, P30 PRO Firmware and Tony-Al00B Firmware HUAWEI P30, HUAWEI P30 Pro and Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11), 10.1.0.135(C00E135R2P8) and 10.1.0.135 respectively have an improper authentication vulnerability. | 4.0 |
2020-06-15 | CVE-2020-9427 | Open Xchange | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange OX Guard 2.10.3 OX Guard 2.10.3 and earlier allows SSRF. | 4.0 |
2020-06-15 | CVE-2020-9075 | Huawei | Information Exposure vulnerability in Huawei products Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. | 4.0 |
2020-06-15 | CVE-2020-1825 | Huawei | Improper Input Validation vulnerability in Huawei Fusionaccess 6.5.1 FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. | 4.0 |
2020-06-15 | CVE-2018-16848 | Redhat | Resource Exhaustion vulnerability in Redhat Openstack-Mistral A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. | 4.0 |
2020-06-15 | CVE-2020-4477 | IBM | Information Exposure vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. | 4.0 |
2020-06-15 | CVE-2020-0537 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access. | 4.0 |
2020-06-15 | CVE-2020-0531 | Intel | Improper Input Validation vulnerability in Intel Active Management Technology Firmware Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access. | 4.0 |
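Several rows above describe the same bug class from different products: an archive member whose name resolves outside the destination directory is written anyway (CVE-2020-7495, path traversal during zip extraction in EcoStruxure Operator Terminal Expert). The following is an added example, not code from Schneider Electric or from any product in the table: it builds a constructed zip in memory with a benign member, a `../` traversal member and an absolute-path member, classifies each member by where its path would land once resolved against the destination, and only writes the members that stay inside it. The archive contents, the temporary destination and the function names are assumptions for the demonstration.

```python
import io
import os
import posixpath
import tempfile
import zipfile


def _is_within(dest: str, target: str) -> bool:
    """True if target, after resolving '..' and symlinks, is still under dest."""
    dest_real = os.path.realpath(dest)
    target_real = os.path.realpath(target)
    return os.path.commonpath([dest_real, target_real]) == dest_real


def classify_members(archive: bytes, dest: str) -> dict:
    """Inspect every member name without writing anything.

    Returns {member_name: "ok" | "absolute" | "traversal"}.
    The check is done on the *resolved* path, not on the presence of '..'
    in the string, so encodings such as 'a/../../x' are caught as well.
    """
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            if posixpath.isabs(name) or (len(name) > 1 and name[1] == ":"):
                verdicts[info.filename] = "absolute"   # '/etc/x' or 'C:/x'
                continue
            target = os.path.join(dest, *name.split("/"))
            verdicts[info.filename] = "ok" if _is_within(dest, target) else "traversal"
    return verdicts


def safe_extract(archive: bytes, dest: str) -> list:
    """Write only the members classified 'ok'; return the names written."""
    written = []
    verdicts = classify_members(archive, dest)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if verdicts[info.filename] != "ok":
                continue
            target = os.path.join(dest, *info.filename.replace("\\", "/").split("/"))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def build_sample_archive() -> bytes:
    """Constructed sample archive (not a real project file): one benign member,
    one '../' traversal member and one absolute-path member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/config.xml", "<project/>")
        zf.writestr("../../outside.txt", "escaped the destination")
        zf.writestr("/etc/evil", "absolute path")
    return buf.getvalue()


def demo() -> dict:
    """Run the classifier and the guarded extractor against a fresh temp dir."""
    dest = tempfile.mkdtemp(prefix="zipslip-demo-")   # assumed scratch location
    archive = build_sample_archive()
    verdicts = classify_members(archive, dest)
    written = safe_extract(archive, dest)
    return {
        "verdicts": verdicts,
        "written": written,
        "config_exists": os.path.isfile(os.path.join(dest, "project", "config.xml")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The comparison is made on `os.path.realpath` output rather than on the raw member string, so a destination that is itself a symlink, or a member that reaches the destination boundary only after normalisation, is judged by where bytes would actually land. Rejected members are simply skipped here; in a real importer they should abort the whole import, since a project file with one escaping member is not one to trust.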
37 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-06-19 | CVE-2016-11070 | Mattermost | Cross-site Scripting vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 3.1.0. | 3.5 |
2020-06-19 | CVE-2017-18872 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. | 3.5 |
2020-06-19 | CVE-2020-14927 | Naviwebs | Cross-site Scripting vulnerability in Naviwebs Navigate CMS 2.9 Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen. | 3.5 |
2020-06-19 | CVE-2020-14926 | Cmsmadesimple | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14 CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page. | 3.5 |
2020-06-19 | CVE-2019-20883 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. | 3.5 |
2020-06-19 | CVE-2017-18870 | Mattermost | Incorrect Permission Assignment for Critical Resource vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. | 3.5 |
2020-06-19 | CVE-2020-4297 | IBM | Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 3.5 |
2020-06-19 | CVE-2020-4295 | IBM | Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 3.5 |
2020-06-19 | CVE-2020-4281 | IBM | Cross-site Scripting vulnerability in IBM Doors Next and Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. | 3.5 |
2020-06-19 | CVE-2020-14462 | Mitre | Cross-site Scripting vulnerability in Mitre Caldera 2.7.0 CALDERA 2.7.0 allows XSS via the Operation Name box. | 3.5 |
2020-06-18 | CVE-2020-3355 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 3.5 |
2020-06-18 | CVE-2020-3354 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. | 3.5 |
2020-06-17 | CVE-2020-7932 | Openmicroscopy | Information Exposure vulnerability in Openmicroscopy Omero.Web OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. | 3.5 |
2020-06-16 | CVE-2020-8542 | Open Xchange | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3 OX App Suite through 7.10.3 allows XSS. | 3.5 |
2020-06-15 | CVE-2020-4406 | IBM | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 through 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. | 3.5 |
2020-06-15 | CVE-2020-14146 | Kumbiaphp | Cross-site Scripting vulnerability in Kumbiaphp 1.1.1 KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | 3.5 |
2020-06-15 | CVE-2019-19110 | Gvectors | Cross-site Scripting vulnerability in Gvectors Wpforo 1.6.5 The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter. | 3.5 |
2020-06-18 | CVE-2019-13033 | Cisofy Debian Fedoraproject | Information Exposure vulnerability in multiple products In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. | 3.3 |
2020-06-18 | CVE-2020-14431 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 3.3 |
2020-06-18 | CVE-2020-14430 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 3.3 |
2020-06-18 | CVE-2020-14428 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 3.3 |
2020-06-18 | CVE-2020-14427 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 3.3 |
2020-06-18 | CVE-2020-14426 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of administrative credentials. | 3.3 |
2020-06-18 | CVE-2020-1835 | Huawei | Information Exposure vulnerability in Huawei Mate 30 Firmware 10.0.0.182(C00E180R6P2)/10.0.0.203(C00E201R7P2)/10.0.0.205(C00E201R7P2) HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. | 3.3 |
2020-06-17 | CVE-2020-11914 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. | 3.3 |
2020-06-17 | CVE-2020-11912 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. | 3.3 |
2020-06-17 | CVE-2020-11908 | Treck | Unspecified vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. | 3.3 |
2020-06-17 | CVE-2020-11905 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read. | 3.3 |
2020-06-17 | CVE-2020-11903 | Treck | Out-of-bounds Read vulnerability in Treck Tcp/Ip 4.7.1.27/5.0.1.35 The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. | 3.3 |
2020-06-19 | CVE-2020-3972 | Vmware | Unspecified vulnerability in VMWare Tools VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. | 2.1 |
2020-06-19 | CVE-2019-20872 | Mattermost | Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 2.1 |
2020-06-18 | CVE-2020-1834 | Huawei | Improper Validation of Integrity Check Value vulnerability in Huawei P30 Firmware and P30 PRO Firmware HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. | 2.1 |
2020-06-18 | CVE-2020-3347 | Cisco | Information Exposure vulnerability in Cisco Webex Meetings 39.5.25/39.5.26/40.6.0 A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. | 2.1 |
2020-06-15 | CVE-2020-0545 | Intel | Integer Overflow or Wraparound vulnerability in Intel products Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access. | 2.1 |
2020-06-15 | CVE-2020-0539 | Intel | Path Traversal vulnerability in Intel products Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access. | 2.1 |
2020-06-15 | CVE-2020-0527 | Intel | Information Exposure vulnerability in Intel products Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access. | 2.1 |
2020-06-15 | CVE-2017-18869 | Chownr Project | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Chownr Project Chownr A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. | 1.9 |
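Two entries in this report are time-of-check/time-of-use races in filesystem tooling: CVE-2017-18869, where a recursive chown in the chownr package can be tricked into descending into unintended directories via symlinks, and CVE-2020-13882 in Lynis. The following is an added example, not code from either project: it contrasts a naive recursive walk that asks `os.path.isdir` (which follows symlinks) and then recurses by path, with an fd-relative walk that classifies each entry with `follow_symlinks=False` and descends through `O_NOFOLLOW` directory descriptors opened relative to the parent, so the object that is checked is the object that is used. The constructed tree, the symlink named `escape` and the function names are assumptions; the code is Linux-specific because it relies on `dir_fd`, `O_DIRECTORY` and `O_NOFOLLOW`.

```python
import os
import stat
import tempfile


def walk_naive(root: str) -> list:
    """Racy pattern: check by path, then act by path.

    os.path.isdir() follows symlinks, so a link pointing outside root is
    entered, and anything done 'below root' (chown, chmod, rm) lands outside.
    A link swapped in between the check and the recursion is caught too late.
    """
    seen = []

    def visit(path, rel):
        for name in sorted(os.listdir(path)):
            child, child_rel = os.path.join(path, name), os.path.join(rel, name)
            seen.append(child_rel)
            if os.path.isdir(child):      # symlink-to-directory passes this check
                visit(child, child_rel)

    visit(root, "")
    return seen


def walk_safe(root: str) -> list:
    """fd-relative pattern: classify with lstat semantics and descend via
    O_NOFOLLOW descriptors, so the entry that was checked is the one opened."""
    seen = []
    dir_flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

    def visit(dirfd, rel):
        for name in sorted(os.listdir(dirfd)):
            st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)  # lstat relative to dirfd
            child_rel = os.path.join(rel, name)
            seen.append(child_rel)
            if stat.S_ISDIR(st.st_mode):
                # Open relative to the parent fd; O_NOFOLLOW fails if a symlink
                # has been swapped in since the stat above.
                fd = os.open(name, dir_flags, dir_fd=dirfd)
                try:
                    visit(fd, child_rel)
                finally:
                    os.close(fd)
            # symlinks are recorded but never entered; a real chownr-style tool
            # would act on them with os.chown(..., dir_fd=dirfd, follow_symlinks=False)

    rootfd = os.open(root, dir_flags)
    try:
        visit(rootfd, "")
    finally:
        os.close(rootfd)
    return seen


def build_sample_tree() -> tuple:
    """Constructed layout (assumed, not from any advisory):
    root/sub/file, and root/escape -> <outside dir containing 'secret'>."""
    root = tempfile.mkdtemp(prefix="toctou-root-")
    outside = tempfile.mkdtemp(prefix="toctou-outside-")
    os.makedirs(os.path.join(root, "sub"))
    open(os.path.join(root, "sub", "file"), "w").close()
    open(os.path.join(outside, "secret"), "w").close()
    os.symlink(outside, os.path.join(root, "escape"))
    return root, outside


def demo() -> dict:
    """Return the relative paths each walker would have operated on."""
    root, _outside = build_sample_tree()
    return {"naive": walk_naive(root), "safe": walk_safe(root)}


if __name__ == "__main__":
    for name, paths in demo().items():
        print(f"{name}: {paths}")
```

The naive walker reports `escape/secret`, a file that lives outside the tree it was asked to process; the fd-relative walker lists the `escape` entry itself but never crosses it. Closing the window between check and use is what `dir_fd` plus `O_NOFOLLOW` buys: even if an attacker replaces `sub` with a symlink after the `stat`, the `os.open` refuses to follow it instead of silently redirecting the rest of the operation.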