CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020 (CVSS score >= 8)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2020-15348 | 74 | | | 2020-06-26 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. |
| 2 | CVE-2020-15046 | 352 | | CSRF | 2020-06-24 | 2020-07-13 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. |
| 3 | CVE-2020-14978 | 862 | | Exec Code | 2020-06-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. |
| 4 | CVE-2020-14977 | 20 | | Exec Code | 2020-06-23 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. |
| 5 | CVE-2020-14421 | 88 | | Exec Code | 2020-06-18 | 2020-10-16 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. |
| 6 | CVE-2020-14414 | 78 | | Exec Code CSRF | 2020-06-29 | 2020-07-06 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.) |
| 7 | CVE-2020-14412 | 78 | | Exec Code CSRF | 2020-06-29 | 2020-07-06 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.) |
| 8 | CVE-2020-14081 | 78 | | | 2020-06-15 | 2020-06-17 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device. |
| 9 | CVE-2020-14075 | 78 | | | 2020-06-15 | 2020-06-17 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device. |
| 10 | CVE-2020-14072 | | | Exec Code | 2020-06-29 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. |
| 11 | CVE-2020-14070 | 798 | | Bypass | 2020-06-29 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. |
| 12 | CVE-2020-14005 | | | Exec Code | 2020-06-24 | 2021-01-14 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. |
| 13 | CVE-2020-13855 | 434 | | Exec Code | 2020-06-11 | 2020-06-11 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. |
| 14 | CVE-2020-13854 | 269 | | | 2020-06-11 | 2020-06-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Artica Pandora FMS 7.44 allows privilege escalation. |
| 15 | CVE-2020-13852 | 434 | | Exec Code | 2020-06-11 | 2020-06-11 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. |
| 16 | CVE-2020-13851 | 74 | | Exec Code | 2020-06-11 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Artica Pandora FMS 7.44 allows remote command execution via the events feature. |
| 17 | CVE-2020-13841 | 269 | | Bypass | 2020-06-05 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). |
| 18 | CVE-2020-13839 | 120 | | Exec Code Overflow | 2020-06-05 | 2020-06-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). |
| 19 | CVE-2020-13695 | 269 | | +Info | 2020-06-01 | 2021-07-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. |
| 20 | CVE-2020-13694 | 78 | | Exec Code | 2020-06-01 | 2020-06-02 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option. |
| 21 | CVE-2020-13448 | 78 | | Exec Code | 2020-06-01 | 2021-12-13 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter. |
| 22 | CVE-2020-13247 | 74 | | | 2020-06-24 | 2021-07-21 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area. |
| 23 | CVE-2020-13224 | 120 | | Overflow | 2020-06-17 | 2020-06-24 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow |
| 24 | CVE-2020-13159 | 78 | | | 2020-06-22 | 2020-07-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. |
| 25 | CVE-2020-13095 | 59 | | Exec Code | 2020-06-30 | 2020-07-08 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root. |
| 26 | CVE-2020-12852 | 20 | | Exec Code | 2020-06-04 | 2020-06-12 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete | The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”. |
| 27 | CVE-2020-12713 | 269 | | | 2020-06-11 | 2020-06-22 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. |
| 28 | CVE-2020-12017 | 306 | | Exec Code Bypass | 2020-06-02 | 2020-06-08 | 9.0 | None | Remote | Low | Not required | Partial | Partial | Complete | GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system. |
| 29 | CVE-2020-12016 | 798 | | Exec Code | 2020-06-29 | 2020-07-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI. |
| 30 | CVE-2020-11975 | 20 | | Exec Code | 2020-06-05 | 2021-07-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. |
| 31 | CVE-2020-11901 | 20 | | Exec Code | 2020-06-17 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. |
| 32 | CVE-2020-11897 | 787 | | | 2020-06-17 | 2020-07-22 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. |
| 33 | CVE-2020-11896 | 20 | | Exec Code | 2020-06-17 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. |
| 34 | CVE-2020-10272 | 306 | | | 2020-06-24 | 2020-07-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. |
| 35 | CVE-2020-9852 | 190 | | Exec Code Overflow | 2020-06-09 | 2020-06-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 36 | CVE-2020-9841 | 190 | | Exec Code Overflow | 2020-06-09 | 2020-06-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. |
| 37 | CVE-2020-9834 | 119 | | Exec Code Overflow Mem. Corr. | 2020-06-09 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. |
| 38 | CVE-2020-9830 | 787 | | Exec Code Mem. Corr. | 2020-06-09 | 2020-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. |
| 39 | CVE-2020-9822 | 787 | | Exec Code | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 40 | CVE-2020-9821 | 119 | | Exec Code Overflow Mem. Corr. | 2020-06-09 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 41 | CVE-2020-9817 | 276 | | +Priv | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. |
| 42 | CVE-2020-9816 | 787 | | Exec Code | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. |
| 43 | CVE-2020-9815 | 125 | | Exec Code | 2020-06-09 | 2020-10-16 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
| 44 | CVE-2020-9814 | 119 | | Exec Code Overflow Mem. Corr. | 2020-06-09 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 45 | CVE-2020-9813 | 119 | | Exec Code Overflow Mem. Corr. | 2020-06-09 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 46 | CVE-2020-9795 | 416 | | Exec Code | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to execute arbitrary code with kernel privileges. |
| 47 | CVE-2020-9793 | 119 | | Exec Code Overflow Mem. Corr. | 2020-06-09 | 2021-07-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution. |
| 48 | CVE-2020-9791 | 125 | | Exec Code | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
| 49 | CVE-2020-9790 | 787 | | Exec Code | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 50 | CVE-2020-9789 | 787 | | Exec Code | 2020-06-09 | 2020-06-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. |
Total number of vulnerabilities: 175 (this is page 1 of 4)