6-15 VB High and Medium Tables
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google -- android | In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194 | 2020-06-10 | 10 | CVE-2020-0117 MISC |
apache -- unomi | Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. | 2020-06-05 | 10 | CVE-2020-11975 MISC |
lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). | 2020-06-05 | 10 | CVE-2020-13839 CONFIRM |
lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). | 2020-06-05 | 10 | CVE-2020-13841 CONFIRM |
artica -- pandora_fms | Artica Pandora FMS 7.44 allows privilege escalation. | 2020-06-11 | 10 | CVE-2020-13854 MISC MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 181228. | 2020-06-05 | 10 | CVE-2020-4448 XF CONFIRM MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181231. | 2020-06-05 | 10 | CVE-2020-4450 XF CONFIRM MISC |
tibco -- managed_file_transfer_platform_server | The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. | 2020-06-09 | 10 | CVE-2020-9412 CONFIRM CONFIRM |
microsoft -- chakracore | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 2020-06-09 | 9.3 | CVE-2020-1073 MISC |
microsoft -- multiple_windows_products | A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1208. | 2020-06-09 | 9.3 | CVE-2020-1236 MISC |
microsoft -- multiple_windows_products | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 2020-06-09 | 9.3 | CVE-2020-1248 MISC |
tibco -- managed_file_transfer_platform_server | The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. | 2020-06-09 | 9.3 | CVE-2020-9411 CONFIRM CONFIRM |
apple -- macos_catalina | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript. | 2020-06-09 | 9.3 | CVE-2020-9788 MISC |
apple -- multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-06-09 | 9.3 | CVE-2020-9789 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. | 2020-06-09 | 9.3 | CVE-2020-9790 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-06-09 | 9.3 | CVE-2020-9791 MISC MISC MISC MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution. | 2020-06-09 | 9.3 | CVE-2020-9793 MISC MISC MISC MISC |
apple -- multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9795 MISC MISC MISC MISC |
apple -- multiple_products | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9813 MISC MISC MISC MISC |
apple -- multiple_products | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9814 MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 2020-06-09 | 9.3 | CVE-2020-9815 MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | 2020-06-09 | 9.3 | CVE-2020-9816 MISC MISC MISC MISC |
apple -- macos_catalina | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. | 2020-06-09 | 9.3 | CVE-2020-9817 MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9821 MISC MISC MISC MISC |
apple -- macos_catalina | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9822 MISC |
apple -- macos_catalina | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9830 MISC |
apple -- macos_catalina | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9834 MISC |
apple -- macos_catalina | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9841 MISC |
apple -- multiple_products | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 2020-06-09 | 9.3 | CVE-2020-9852 MISC MISC MISC MISC |
artica -- pandora_fms | Artica Pandora FMS 7.44 allows remote command execution via the events feature. | 2020-06-11 | 9 | CVE-2020-13851 MISC MISC |
artica -- pandora_fms | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | 2020-06-11 | 9 | CVE-2020-13852 MISC MISC |
artica -- pandora_fms | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | 2020-06-11 | 9 | CVE-2020-13855 MISC MISC |
apple -- multiple_products | A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 2020-06-09 | 7.8 | CVE-2020-9844 MISC MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 2020-06-09 | 7.6 | CVE-2020-1213 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1215, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 2020-06-09 | 7.6 | CVE-2020-1214 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1216, CVE-2020-1230, CVE-2020-1260. | 2020-06-09 | 7.6 | CVE-2020-1215 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1230, CVE-2020-1260. | 2020-06-09 | 7.6 | CVE-2020-1216 MISC |
microsoft -- internet_explorer | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-2020-1260. | 2020-06-09 | 7.6 | CVE-2020-1230 MISC |
google -- android | In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141331405 | 2020-06-11 | 7.5 | CVE-2020-0217 MISC |
zephyrproject -- zephyr | An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | 7.5 | CVE-2020-10062 MISC MISC MISC MISC |
zephyrproject -- zephyr | In the Zephyr Project MQTT code, improper bounds checking can result in memory corruption and possibly remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | 7.5 | CVE-2020-10070 MISC MISC MISC MISC |
zephyrproject -- zephyr | The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | 7.5 | CVE-2020-10071 MISC MISC MISC MISC |
perl -- perl | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | 2020-06-05 | 7.5 | CVE-2020-10543 CONFIRM CONFIRM CONFIRM GENTOO CONFIRM |
perl -- perl | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | 2020-06-05 | 7.5 | CVE-2020-10878 CONFIRM CONFIRM CONFIRM CONFIRM GENTOO CONFIRM |
wordpress -- wordpress | The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | 2020-06-08 | 7.5 | CVE-2020-12800 MISC CONFIRM |
anydesk -- anydesk | AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | 2020-06-09 | 7.5 | CVE-2020-13160 MISC MISC |
lg -- multiple_mobile_devices | An issue was disefscovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020). | 2020-06-05 | 7.5 | CVE-2020-13840 CONFIRM |
targetcli-fb -- targetcli-fb | Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files). | 2020-06-05 | 7.5 | CVE-2020-13867 MISC |
beyondco -- ignition | The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. | 2020-06-07 | 7.5 | CVE-2020-13909 MISC MISC |
ibm -- worklight/mobilefoundation | IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate session cookies when a user logs out of a session, which could allow another user to gain unauthorized access to a user's session. IBM X-Force ID: 175211. | 2020-06-05 | 7.5 | CVE-2020-4229 XF CONFIRM |
zoom -- zoom_client | An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. | 2020-06-08 | 7.5 | CVE-2020-6109 MISC |
huawei -- multiple_products | Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device. | 2020-06-08 | 7.5 | CVE-2020-9099 MISC |
apple -- ios_and_ipados | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to cause arbitrary code execution. | 2020-06-09 | 7.5 | CVE-2020-9838 MISC |
apple -- multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. | 2020-06-09 | 7.5 | CVE-2020-9850 MISC MISC MISC MISC MISC MISC MISC |
google -- android | In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347 | 2020-06-10 | 7.2 | CVE-2020-0114 MISC |
google -- android | In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428 | 2020-06-10 | 7.2 | CVE-2020-0115 MISC |
google -- android | In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139532977 | 2020-06-11 | 7.2 | CVE-2020-0165 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916. | 2020-06-09 | 7.2 | CVE-2020-0915 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915. | 2020-06-09 | 7.2 | CVE-2020-0916 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 7.2 | CVE-2020-0986 MISC |
docker -- desktop | An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges. | 2020-06-05 | 7.2 | CVE-2020-11492 MISC MISC |
microsoft -- windows_defender | An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170. | 2020-06-09 | 7.2 | CVE-2020-1163 MISC |
microsoft -- windows_defender | An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163. | 2020-06-09 | 7.2 | CVE-2020-1170 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 2020-06-09 | 7.2 | CVE-2020-1197 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1247, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. | 2020-06-09 | 7.2 | CVE-2020-1207 MISC MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 7.2 | CVE-2020-1246 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1251, CVE-2020-1253, CVE-2020-1310. | 2020-06-09 | 7.2 | CVE-2020-1247 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1253, CVE-2020-1310. | 2020-06-09 | 7.2 | CVE-2020-1251 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1310. | 2020-06-09 | 7.2 | CVE-2020-1253 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when Windows Modules Installer Service improperly handles class object members.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Modules Installer Service Elevation of Privilege Vulnerability'. | 2020-06-09 | 7.2 | CVE-2020-1254 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 2020-06-09 | 7.2 | CVE-2020-1258 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 7.2 | CVE-2020-1266 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1207, CVE-2020-1247, CVE-2020-1251, CVE-2020-1253. | 2020-06-09 | 7.2 | CVE-2020-1310 MISC |
qbik -- wingate | WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | 2020-06-08 | 7.2 | CVE-2020-13866 MISC MISC FULLDISC |
citrix -- workspace_app | Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | 2020-06-08 | 7.2 | CVE-2020-13884 MISC CONFIRM |
citrix -- workspace_app | Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | 2020-06-08 | 7.2 | CVE-2020-13885 MISC CONFIRM |
apple -- multiple_products | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | 2020-06-05 | 7.2 | CVE-2020-9859 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 2020-06-09 | 7.1 | CVE-2020-1283 MISC |
apple -- multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout. | 2020-06-09 | 7.1 | CVE-2020-9809 MISC MISC MISC MISC |
apple -- multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. | 2020-06-09 | 7.1 | CVE-2020-9812 MISC MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Produ-t4jra9i0r3OJI{ct | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google -- android | In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150904694 | 2020-06-10 | 6.9 | CVE-2020-0118 MISC |
google -- android | In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364 | 2020-06-11 | 6.8 | CVE-2020-0160 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 2020-06-09 | 6.8 | CVE-2020-1209 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in the way that the Connected Devices Platform Service handles objects in memory, aka 'Connected Devices Platform Service Elevation of Privilege Vulnerability'. | 2020-06-09 | 6.8 | CVE-2020-1211 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'. | 2020-06-09 | 6.8 | CVE-2020-1212 MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Information Disclosure Vulnerability'. | 2020-06-09 | 6.8 | CVE-2020-1217 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1265, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 2020-06-09 | 6.8 | CVE-2020-1235 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 6.8 | CVE-2020-1237 MISC |
microsoft -- multiple_windows_products | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239. | 2020-06-09 | 6.8 | CVE-2020-1238 MISC MISC MISC |
microsoft -- multiple_windows_products | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238. | 2020-06-09 | 6.8 | CVE-2020-1239 MISC MISC |
microsoft -- multiple_windows_products | A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'. | 2020-06-09 | 6.8 | CVE-2020-1241 MISC |
videolan -- vlc_medi_plan | A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | 2020-06-08 | 6.8 | CVE-2020-13428 MISC MISC CONFIRM |
dd-wrt -- dd-wrt | ** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Diagnostic page allows remote attackers to execute arbitrary commands via shell metacharacters in the host field of the ping command. Exploitation through CSRF might be possible. NOTE: software maintainers consider the report invalid because it refers to an old software version, requires administrative privileges, and does not provide access beyond that already available to administrative users. | 2020-06-09 | 6.8 | CVE-2020-13976 MISC |
zoom -- zoom_client | An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. | 2020-06-08 | 6.8 | CVE-2020-6110 MISC |
couchbase -- couchbase_server | In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. | 2020-06-08 | 6.8 | CVE-2020-9042 CONFIRM |
apple -- multiple_products | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-06-09 | 6.8 | CVE-2020-9800 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-06-09 | 6.8 | CVE-2020-9802 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-06-09 | 6.8 | CVE-2020-9803 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-06-09 | 6.8 | CVE-2020-9806 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | 2020-06-09 | 6.8 | CVE-2020-9807 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination. | 2020-06-09 | 6.8 | CVE-2020-9818 MISC MISC MISC |
apple -- multiple_products | An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A malicious application may be able to bypass Privacy preferences. | 2020-06-09 | 6.8 | CVE-2020-9825 MISC MISC |
apple -- macos_catalina | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox. | 2020-06-09 | 6.8 | CVE-2020-9847 MISC |
microsoft -- sharepoint_server | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'. | 2020-06-09 | 6.5 | CVE-2020-1178 MISC |
microsoft -- sharepoint_server | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. | 2020-06-09 | 6.5 | CVE-2020-1181 MISC MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. | 2020-06-09 | 6.5 | CVE-2020-1255 MISC |
realtek -- adsl/pon_modern_soc | A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool. | 2020-06-08 | 6.5 | CVE-2020-12773 MISC |
ws02 -- multiple_products | In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. | 2020-06-06 | 6.5 | CVE-2020-13883 MISC |
monstra -- cms | ** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has administrative access to modify .chunk.php files on the Edit Chunk screen, to execute arbitrary OS commands via the Theme Module by visiting the admin/index.php?id=themes&action=edit_chunk URI. NOTE: there is no indication that the Edit Chunk feature was intended to prevent an administrator from using PHP's exec feature. | 2020-06-09 | 6.5 | CVE-2020-13978 MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 182713. | 2020-06-08 | 6.5 | CVE-2020-4529 XF CONFIRM |
nextcloud -- talk | A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | 2020-06-08 | 6.5 | CVE-2020-8180 MISC MISC |
pengutronix -- barebox | Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | 2020-06-07 | 6.4 | CVE-2020-13910 MISC |
ljinshan -- cheetah_free_wifi | In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL. | 2020-06-05 | 6.1 | CVE-2020-13646 MISC |
solarwinds -- advanced_monitoring_agent | SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | 2020-06-07 | 6 | CVE-2020-13912 MISC |
zephyrproject -- zephyr | Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | 2020-06-05 | 5.8 | CVE-2020-10061 MISC MISC MISC MISC MISC MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1120. | 2020-06-09 | 5.8 | CVE-2020-1244 MISC |
pydio -- cells | In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed. | 2020-06-05 | 5.8 | CVE-2020-12848 MISC MISC MISC |
imagemagik -- imagemagik | ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | 2020-06-07 | 5.8 | CVE-2020-13902 MISC |
nodejs -- nodejs | TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | 2020-06-08 | 5.8 | CVE-2020-8172 MISC MISC |
opensearch -- opensearch_web_browser | OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the browser can be manipulated] | 2020-06-08 | 5.8 | CVE-2020-8954 MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents. | 2020-06-09 | 5.8 | CVE-2020-9794 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory. | 2020-06-09 | 5.8 | CVE-2020-9808 MISC MISC MISC MISC |
apple -- multiple_products | A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. | 2020-06-09 | 5.1 | CVE-2020-9839 MISC MISC MISC MISC |
google -- android | In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919 | 2020-06-11 | 5 | CVE-2020-0128 MISC |
google -- android | In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146053215 | 2020-06-11 | 5 | CVE-2020-0140 MISC |
google -- android | In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146435761 | 2020-06-11 | 5 | CVE-2020-0142 MISC |
google -- android | In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-79702484 | 2020-06-11 | 5 | CVE-2020-0176 MISC |
google -- android | In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 | 2020-06-11 | 5 | CVE-2020-0181 MISC |
google -- android | In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140292264 | 2020-06-11 | 5 | CVE-2020-0214 MISC |
zepthyr_project -- zephyr | A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | 2020-06-05 | 5 | CVE-2020-10063 MISC MISC MISC MISC MISC MISC |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'. | 2020-06-09 | 5 | CVE-2020-1206 MISC MISC |
perl -- perl | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | 2020-06-05 | 5 | CVE-2020-12723 CONFIRM CONFIRM CONFIRM MISC MISC GENTOO CONFIRM |
phpmailer -- phpmailer | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. | 2020-06-08 | 5 | CVE-2020-13625 CONFIRM CONFIRM MLIST |
artica -- pandora_fms | Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | 2020-06-11 | 5 | CVE-2020-13850 MISC MISC |
sqlite -- sqlite | SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | 2020-06-06 | 5 | CVE-2020-13871 MISC MISC MISC |
dext5 -- dext5 | handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. | 2020-06-07 | 5 | CVE-2020-13894 MISC |
d-link -- multiple_mobile_devices | D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | 2020-06-08 | 5 | CVE-2020-13960 MISC |
mumble -- mumble | Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | 2020-06-09 | 5 | CVE-2020-13962 MISC MISC MISC |
ibm -- websphere_application_server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 181230. | 2020-06-05 | 5 | CVE-2020-4449 XF CONFIRM MISC |
whitesource -- application_vulnerability_management | The dashboard in WhiteSource Application Vulnerability Management (AVM) before version 20.4.1 allows Log Injection via a %0A%0D substring in the idp parameter to the /saml/login URI. This closes the current log and creates a new log with one line of data. The attacker can also insert malicious data and false entries. | 2020-06-08 | 5 | CVE-2020-5304 MISC MISC |
xack -- xack_dns | XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to 1.7.18, and versions before 1.7.0 allow remote attackers to cause a denial of service condition resulting in degradation of the recursive resolver's performance or compromising the recursive resolver as a reflector in a reflection attack. | 2020-06-05 | 5 | CVE-2020-5591 MISC MISC |
couchbase -- couchbase_server_java_sdk | Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification. | 2020-06-08 | 5 | CVE-2020-9040 CONFIRM |
couchbase -- couchbase_server_and_couchbase_sync_gateway | In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. | 2020-06-08 | 5 | CVE-2020-9041 CONFIRM |
huawei -- multiple_devices | Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones. | 2020-06-05 | 5 | CVE-2020-9074 MISC |
apple -- ios_and_ipados | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5. A remote attacker may be able to modify the file system. | 2020-06-09 | 5 | CVE-2020-9820 MISC |
apple -- ios_and_ipados | This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5. Users removed from an iMessage conversation may still be able to alter state. | 2020-06-09 | 5 | CVE-2020-9823 MISC |
apple -- macos_catalina | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings. | 2020-06-09 | 5 | CVE-2020-9824 MISC |
apple -- multiple_products | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. | 2020-06-09 | 5 | CVE-2020-9826 MISC MISC |
apple -- multiple_products | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. | 2020-06-09 | 5 | CVE-2020-9827 MISC MISC MISC MISC |
apple -- ios_and_ipados | An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 13.5 and iPadOS 13.5. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing. | 2020-06-09 | 5 | CVE-2020-9835 MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. | 2020-06-09 | 5 | CVE-2020-9837 MISC MISC MISC |
google -- android | In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-150944913 | 2020-06-10 | 4.9 | CVE-2020-0113 MISC |
google -- android | In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809 | 2020-06-10 | 4.9 | CVE-2020-0116 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1244. | 2020-06-09 | 4.9 | CVE-2020-1120 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists when Windows Registry improperly handles filesystem operations, aka 'Windows Registry Denial of Service Vulnerability'. | 2020-06-09 | 4.9 | CVE-2020-1194 MISC |
freedesktop -- dbus | An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | 2020-06-08 | 4.9 | CVE-2020-12049 CONFIRM MISC MISC MISC MISC |
lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | 2020-06-05 | 4.9 | CVE-2020-13843 CONFIRM |
apple -- macos_catalina | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. Inserting a USB device that sends invalid messages may cause a kernel panic. | 2020-06-09 | 4.9 | CVE-2020-9804 MISC |
apple -- macos_catalina | A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.5. A local user may be able to read kernel memory. | 2020-06-09 | 4.9 | CVE-2020-9833 MISC |
google -- android | In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592 | 2020-06-11 | 4.6 | CVE-2020-0124 MISC |
google -- android | In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123292010 | 2020-06-11 | 4.6 | CVE-2020-0129 MISC |
google -- android | In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-120078455 | 2020-06-11 | 4.6 | CVE-2020-0136 MISC |
google -- android | In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141920289 | 2020-06-11 | 4.6 | CVE-2020-0137 MISC |
google -- android | In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142280329 | 2020-06-11 | 4.6 | CVE-2020-0150 MISC |
google -- android | In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139733543 | 2020-06-11 | 4.6 | CVE-2020-0153 MISC |
google -- android | In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736386 | 2020-06-11 | 4.6 | CVE-2020-0155 MISC |
google -- android | In multiple functions of URI.java, there is a possible escalation of privilege due to missing validation in the parceling of URI information. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526860 | 2020-06-11 | 4.6 | CVE-2020-0166 MISC |
google -- android | In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145207098 | 2020-06-11 | 4.6 | CVE-2020-0208 MISC |
google -- android | In multiple functions of AccountManager.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206842 | 2020-06-11 | 4.6 | CVE-2020-0209 MISC |
google -- android | In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206763 | 2020-06-11 | 4.6 | CVE-2020-0210 MISC |
google -- android | In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081 | 2020-06-11 | 4.6 | CVE-2020-0219 MISC |
microsoft -- multiple_windows_products | An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1324. | 2020-06-09 | 4.6 | CVE-2020-1162 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293. | 2020-06-09 | 4.6 | CVE-2020-1257 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 4.6 | CVE-2020-1264 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1231, CVE-2020-1233, CVE-2020-1235, CVE-2020-1282, CVE-2020-1304, CVE-2020-1306, CVE-2020-1334. | 2020-06-09 | 4.6 | CVE-2020-1265 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 4.6 | CVE-2020-1273 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 4.6 | CVE-2020-1274 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 4.6 | CVE-2020-1275 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0986, CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1307, CVE-2020-1316. | 2020-06-09 | 4.6 | CVE-2020-1276 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293. | 2020-06-09 | 4.6 | CVE-2020-1278 MISC |
microsoft -- multiple_windows_products | An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278. | 2020-06-09 | 4.6 | CVE-2020-1293 MISC |
lg -- multiple_mobile_devices | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020). | 2020-06-05 | 4.6 | CVE-2020-13842 CONFIRM |
apple -- safari | A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application. | 2020-06-09 | 4.6 | CVE-2020-9801 MISC |
apple -- macos_catalina | A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges. | 2020-06-09 | 4.6 | CVE-2020-9855 MISC |
apple -- macos_catalina | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges. | 2020-06-09 | 4.6 | CVE-2020-9856 MISC |
google -- android | In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127973550 | 2020-06-11 | 4.3 | CVE-2020-0161 MISC |
google -- android | In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959 | 2020-06-11 | 4.3 | CVE-2020-0162 MISC |
google -- android | In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124525515 | 2020-06-11 | 4.3 | CVE-2020-0163 MISC |
google -- android | In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-129475100 | 2020-06-11 | 4.3 | CVE-2020-0167 MISC |
google -- android | In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142861738 | 2020-06-11 | 4.3 | CVE-2020-0180 MISC |
google -- android | In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a possible out of bounds read due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140561484 | 2020-06-11 | 4.3 | CVE-2020-0191 MISC |
google -- android | In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144687080 | 2020-06-11 | 4.3 | CVE-2020-0192 MISC |
google -- android | In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_mode_3_to_9.s, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144595488 | 2020-06-11 | 4.3 | CVE-2020-0193 MISC |
google -- android | In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c and related functions, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144686961 | 2020-06-11 | 4.3 | CVE-2020-0195 MISC |
google -- android | In next_marker of jdmarker.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135532289 | 2020-06-11 | 4.3 | CVE-2020-0207 MISC |
combodo -- itop | In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4. | 2020-06-05 | 4.3 | CVE-2020-11696 CONFIRM CONFIRM |
combodo -- itop | In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4. | 2020-06-05 | 4.3 | CVE-2020-11697 CONFIRM CONFIRM |
microsoft -- multiple_windows_products | An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 2020-06-09 | 4.3 | CVE-2020-1232 MISC MISC |
libreoffice -- libreoffice | LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | 2020-06-08 | 4.3 | CVE-2020-12802 MISC |
libreoffice -- libreoffice | ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. | 2020-06-08 | 4.3 | CVE-2020-12803 MISC |
microsoft -- multiple_windows_products | A denial of service vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Denial of Service Vulnerability'. | 2020-06-09 | 4.3 | CVE-2020-1284 MISC |
craft -- craft_cms | An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. | 2020-06-05 | 4.3 | CVE-2020-13868 MISC |
debian -- debian_linux | In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | 2020-06-06 | 4.3 | CVE-2020-13881 MLIST MISC MISC MLIST |
hesk -- hesk | HESK before 3.1.10 allows reflected XSS. | 2020-06-07 | 4.3 | CVE-2020-13897 MISC |
ffmpeg -- ffmpeg | FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | 2020-06-07 | 4.3 | CVE-2020-13904 MISC MISC |
roundcube -- webmail | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | 2020-06-09 | 4.3 | CVE-2020-13964 MISC MISC MISC CONFIRM DEBIAN |
roundcube -- webmail | An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview. | 2020-06-09 | 4.3 | CVE-2020-13965 MISC MISC MISC MISC CONFIRM DEBIAN |
owasp -- json-sanitizer | OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. | 2020-06-09 | 4.3 | CVE-2020-13973 MISC |
wordpress -- wordpress | The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. | 2020-06-10 | 4.3 | CVE-2020-14010 MISC |
otrs -- otrs | BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions. | 2020-06-08 | 4.3 | CVE-2020-1775 MISC |
apple -- macos_catalina | This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. Importing a maliciously crafted calendar invitation may exfiltrate user information. | 2020-06-09 | 4.3 | CVE-2020-3882 MISC |
prisma -- graphql_playground | GraphQL Playground (graphql-playground-html NPM package) before version 1.6.22 have a severe XSS Reflection attack vulnerability. All unsanitized user input passed into renderPlaygroundPage() method could trigger this vulnerability. This has been patched in graphql-playground-html version 1.6.22. Note that some of the associated dependent middleware packages are also affected including but not limited to graphql-playground-middleware-express before version 1.7.16, graphql-playground-middleware-koa before version 1.6.15, graphql-playground-middleware-lambda before version 1.7.17, and graphql-playground-middleware-hapi before 1.6.13. | 2020-06-08 | 4.3 | CVE-2020-4038 MISC MISC CONFIRM |
bolt -- bolt | Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 | 2020-06-08 | 4.3 | CVE-2020-4040 MISC MISC CONFIRM |
bolt -- bolt | In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. | 2020-06-08 | 4.3 | CVE-2020-4041 MISC MISC CONFIRM |
apple -- multiple_products | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine another application's memory layout. | 2020-06-09 | 4.3 | CVE-2020-9797 MISC MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. | 2020-06-09 | 4.3 | CVE-2020-9805 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory. | 2020-06-09 | 4.3 | CVE-2020-9811 MISC MISC MISC MISC |
apple -- multiple_products | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, iOS 12.4.7, watchOS 6.2.5, watchOS 5.3.7. Processing a maliciously crafted mail message may lead to heap corruption. | 2020-06-09 | 4.3 | CVE-2020-9819 MISC MISC MISC MISC |
apple -- multiple_products | A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. | 2020-06-09 | 4.3 | CVE-2020-9829 MISC MISC MISC |
apple -- macos_catalina | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | 2020-06-09 | 4.3 | CVE-2020-9831 MISC |
apple -- macos_catalina | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to determine kernel memory layout. | 2020-06-09 | 4.3 | CVE-2020-9832 MISC |
apple -- multiple_products | This issue was addressed with improved checks. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to use arbitrary entitlements. | 2020-06-09 | 4.3 | CVE-2020-9842 MISC MISC MISC MISC |
apple -- multiple_products | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. | 2020-06-09 | 4.3 | CVE-2020-9843 MISC MISC MISC MISC MISC MISC MISC |
apple -- macos_catalina | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system. | 2020-06-09 | 4.3 | CVE-2020-9851 MISC |
goole -- android | In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814 | 2020-06-11 | 4 | CVE-2020-0157 MISC |
nagios -- nagios | Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. | 2020-06-09 | 4 | CVE-2020-13977 MISC MISC MISC |
huawei -- multiple_products | Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. | 2020-06-05 | 4 | CVE-2020-1883 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.