CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
501 CVE-2020-11959 200 +Info 2020-06-24 2021-07-21
5.0
None Remote Low Not required Partial None None
An unsafe configuration of nginx leads to an information leak in Xiaomi router R3600 ROM before 1.0.50.
502 CVE-2020-11957 331 2020-06-09 2020-06-22
5.4
None Local Network Medium Not required Partial Partial Partial
The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. This is the case for both authenticated and unauthenticated pairing with both LE Secure Connections as well as LE Legacy Pairing. A predictable or brute-forceable random number allows an attacker (in radio range) to perform a MITM attack during BLE pairing.
503 CVE-2020-11914 125 2020-06-17 2020-07-22
3.3
None Local Network Low Not required Partial None None
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.
504 CVE-2020-11913 125 2020-06-17 2020-07-22
5.0
None Remote Low Not required Partial None None
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
505 CVE-2020-11912 125 2020-06-17 2020-07-22
3.3
None Local Network Low Not required None None Partial
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.
506 CVE-2020-11911 862 2020-06-17 2021-07-21
5.0
None Remote Low Not required None Partial None
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.
507 CVE-2020-11910 125 2020-06-17 2020-07-22
5.0
None Remote Low Not required Partial None None
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.
508 CVE-2020-11909 191 2020-06-17 2020-07-22
5.0
None Remote Low Not required Partial None None
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.
509 CVE-2020-11908 2020-06-17 2020-07-22
3.3
None Local Network Low Not required None None Partial
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.
510 CVE-2020-11907 2020-06-17 2020-07-22
5.8
None Local Network Low Not required Partial Partial Partial
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.
511 CVE-2020-11906 191 2020-06-17 2020-07-22
5.8
None Local Network Low Not required Partial Partial Partial
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.
512 CVE-2020-11905 125 2020-06-17 2020-07-22
3.3
None Local Network Low Not required Partial None None
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.
513 CVE-2020-11904 787 Overflow 2020-06-17 2020-07-22
7.5
None Remote Low Not required Partial Partial Partial
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.
514 CVE-2020-11903 125 2020-06-17 2020-07-22
3.3
None Local Network Low Not required Partial None None
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.
515 CVE-2020-11902 125 2020-06-17 2020-07-22
7.5
None Remote Low Not required Partial Partial Partial
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.
516 CVE-2020-11901 20 Exec Code 2020-06-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
517 CVE-2020-11900 415 2020-06-17 2020-07-22
6.4
None Remote Low Not required None Partial Partial
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.
518 CVE-2020-11899 125 2020-06-17 2020-07-22
4.8
None Local Network Low Not required None Partial Partial
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.
519 CVE-2020-11898 200 +Info 2020-06-17 2021-07-21
6.4
None Remote Low Not required Partial None Partial
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.
520 CVE-2020-11897 787 2020-06-17 2020-07-22
10.0
None Remote Low Not required Complete Complete Complete
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
521 CVE-2020-11896 20 Exec Code 2020-06-17 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
522 CVE-2020-11841 200 +Info 2020-06-16 2021-07-21
4.0
None Remote Low ??? Partial None None
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure.
523 CVE-2020-11840 200 +Info 2020-06-16 2021-07-21
4.0
None Remote Low ??? Partial None None
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure.
524 CVE-2020-11839 79 XSS 2020-06-12 2020-06-17
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all versions from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS) or information disclosure.
525 CVE-2020-11838 79 XSS 2020-06-16 2020-06-19
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS) or information disclosure.
526 CVE-2020-11798 22 Dir. Trav. 2020-06-10 2020-06-17
5.0
None Remote Low Not required Partial None None
A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
527 CVE-2020-11735 326 2020-06-25 2021-07-21
5.0
None Remote Low Not required Partial None None
The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."
528 CVE-2020-11697 79 XSS 2020-06-05 2020-06-11
4.3
None Remote Medium Not required None Partial None
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
529 CVE-2020-11696 79 XSS 2020-06-05 2020-06-11
4.3
None Remote Medium Not required None Partial None
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
530 CVE-2020-11682 352 CSRF 2020-06-04 2020-06-10
4.3
None Remote Medium Not required None Partial None
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing requests. A __RequestVerificationToken is set by the web interface and included in requests sent by the web interface. However, this token is not verified by the application: the token can be removed from all requests and the request will succeed.
531 CVE-2020-11681 522 2020-06-04 2020-06-10
4.0
None Remote Low ??? None Partial None
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.
532 CVE-2020-11680 863 Bypass 2020-06-04 2021-07-21
4.0
None Remote Low ??? None Partial None
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying the file store, creating/modifying alerts, creating/modifying users, etc.
533 CVE-2020-11679 269 2020-06-04 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional roles to their account.
534 CVE-2020-11622 2020-06-10 2020-06-23
4.3
None Remote Medium Not required None None Partial
A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M and below releases in the 4.23.x train, 4.22.4M and below releases in the 4.22.x train, 4.21.3M to 4.21.9M releases in the 4.21.x train, 4.21.3FX-7368.*, 4.21.4-FCRFX.*, 4.21.4.1, 4.21.7.1, 4.22.2.0.1, 4.22.2.2.1, 4.22.3.1, and 4.23.2.1 Router code in a scenario where TCP MSS options are configured.
535 CVE-2020-11614 319 2020-06-11 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.
536 CVE-2020-11613 427 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.
537 CVE-2020-11538 125 2020-06-25 2020-07-27
6.8
None Remote Medium Not required Partial Partial Partial
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
538 CVE-2020-11520 269 Exec Code 2020-06-22 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution.
539 CVE-2020-11519 269 Exec Code 2020-06-22 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution.
540 CVE-2020-11503 787 Overflow 2020-06-18 2020-06-23
7.5
None Remote Low Not required Partial Partial Partial
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.
541 CVE-2020-11492 269 2020-06-05 2020-06-10
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.
542 CVE-2020-11099 125 2020-06-22 2020-09-08
6.4
None Remote Low Not required Partial None Partial
In FreeRDP before version 2.1.2, there is an out-of-bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out-of-bounds reads of an internal buffer. This is fixed in version 2.1.2.
543 CVE-2020-11098 125 2020-06-22 2020-09-08
5.8
None Remote Medium Not required Partial None Partial
In FreeRDP before version 2.1.2, there is an out-of-bounds read in glyph_cache_put. This affects all FreeRDP clients with the `+glyph-cache` option enabled. This is fixed in version 2.1.2.
544 CVE-2020-11097 125 2020-06-22 2020-09-08
5.5
None Remote Low ??? Partial None Partial
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
545 CVE-2020-11096 125 2020-06-22 2020-09-08
6.4
None Remote Low Not required Partial None Partial
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
546 CVE-2020-11095 125 2020-06-22 2020-09-08
5.5
None Remote Low ??? Partial None Partial
In FreeRDP before version 2.1.2, an out-of-bounds read occurs, resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
547 CVE-2020-11094 532 +Info 2020-06-04 2020-06-10
6.8
None Remote Medium Not required Partial Partial Partial
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as the potential exists for them to use this feature to view all requests being made to the application and obtain sensitive information from those requests. There even exists the potential for account takeovers of authenticated users by non-authenticated public users, which would then lead to a number of other potential issues as an attacker could theoretically get full access to the system if the required conditions existed. Issue has been patched in v3.1.0 by locking down access to the debugbar to all users; it now requires an authenticated backend user with a specifically enabled permission before it is even usable, and the feature that allows access to stored request information is restricted behind a different permission that's more restrictive.
548 CVE-2020-11091 350 2020-06-03 2020-06-09
3.5
None Remote Medium ??? None Partial None
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1 on the kernel cmdline), it will be either unconfigured or configured on some interfaces, but it's pretty likely that IPv6 forwarding is disabled, i.e. /proc/sys/net/ipv6/conf//forwarding == 0. Also by default, /proc/sys/net/ipv6/conf//accept_ra == 1. The combination of these 2 sysctls means that the host accepts router advertisements and configures the IPv6 stack using them. By sending rogue router advertisements, an attacker can reconfigure the host to redirect part or all of the IPv6 traffic of the host to the attacker-controlled container. Even if there was no IPv6 traffic before, if the DNS returns A (IPv4) and AAAA (IPv6) records, many HTTP libraries will try to connect via IPv6 first then fall back to IPv4, giving an opportunity to the attacker to respond. If by chance you also have on the host a vulnerability like last year's RCE in apt (CVE-2019-3462), you can now escalate to the host. Weave Net version 2.6.3 disables the accept_ra option on the veth devices that it creates.
549 CVE-2020-11090 400 2020-06-11 2020-06-22
5.0
None Remote Low Not required None None Partial
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.
550 CVE-2020-11080 707 DoS 2020-06-03 2021-10-17
5.0
None Remote Low Not required None None Partial
In nghttp2 before version 1.41.0, an overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability: implement the nghttp2_on_frame_recv_callback callback, and if the received frame is a SETTINGS frame and the number of settings entries is large (e.g., > 32), then drop the connection.
Total number of vulnerabilities: 1786. Page 11 of 36.