CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2020-9573 119 Exec Code Overflow Mem. Corr. 2020-06-26 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
752 CVE-2020-9572 119 Exec Code Overflow Mem. Corr. 2020-06-26 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
753 CVE-2020-9571 119 Exec Code Overflow Mem. Corr. 2020-06-26 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
754 CVE-2020-9570 119 Exec Code Overflow Mem. Corr. 2020-06-26 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
755 CVE-2020-9569 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
756 CVE-2020-9568 119 Exec Code Overflow Mem. Corr. 2020-06-26 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
757 CVE-2020-9567 416 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
758 CVE-2020-9566 416 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
759 CVE-2020-9565 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
760 CVE-2020-9564 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
761 CVE-2020-9563 787 Exec Code Overflow 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
762 CVE-2020-9562 787 Exec Code Overflow 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
763 CVE-2020-9561 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
764 CVE-2020-9560 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
765 CVE-2020-9559 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
766 CVE-2020-9558 125 2020-06-26 2020-06-29
4.3
None Remote Medium Not required Partial None None
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
767 CVE-2020-9557 125 2020-06-26 2020-06-29
4.3
None Remote Medium Not required Partial None None
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
768 CVE-2020-9556 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
769 CVE-2020-9555 787 Exec Code Overflow 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
770 CVE-2020-9554 787 Exec Code 2020-06-26 2020-06-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
771 CVE-2020-9553 200 +Info 2020-06-26 2021-07-21
4.3
None Remote Medium Not required Partial None None
Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
772 CVE-2020-9522 79 XSS 2020-06-16 2020-06-19
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) vulnerability in the Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.x, 7.2 and 7.2.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.
773 CVE-2020-9495 74 2020-06-19 2020-06-24
5.0
None Remote Low Not required Partial None None
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. An attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.
774 CVE-2020-9494 119 Overflow 2020-06-24 2021-07-21
5.0
None Remote Low Not required None None Partial
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.
775 CVE-2020-9483 89 Sql 2020-06-30 2020-07-10
5.0
None Remote Low Not required Partial None None
**Resolved** When H2/MySQL/TiDB is used as Apache SkyWalking storage, the metadata query through the GraphQL protocol has a SQL injection vulnerability, which allows access to unexpected data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.
776 CVE-2020-9480 287 Exec Code 2020-06-23 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even without the shared key. This can be leveraged to execute shell commands on the host machine. This does not affect Spark clusters using other resource managers (YARN, Mesos, etc).
777 CVE-2020-9462 312 2020-06-04 2020-06-10
3.3
None Local Network Low Not required Partial None None
An issue was discovered in all Athom Homey and Homey Pro devices up to the current version 4.2.0. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks.
778 CVE-2020-9438 294 2020-06-23 2020-07-01
4.3
None Remote Medium Not required None Partial None
Tinxy Door Lock with firmware before 3.2 allows attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.
779 CVE-2020-9437 79 XSS 2020-06-25 2020-07-06
3.5
None Remote Medium ??? None Partial None
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS.
780 CVE-2020-9427 918 2020-06-15 2020-06-18
4.0
None Remote Low ??? Partial None None
OX Guard 2.10.3 and earlier allows SSRF.
781 CVE-2020-9426 79 XSS 2020-06-15 2020-06-17
4.3
None Remote Medium Not required None Partial None
OX Guard 2.10.3 and earlier allows XSS.
782 CVE-2020-9414 79 XSS 2020-06-30 2020-07-10
9.0
None Remote Low ??? Complete Complete Complete
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.
783 CVE-2020-9413 79 Exec Code XSS 2020-06-30 2020-07-10
9.3
None Remote Medium Not required Complete Complete Complete
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft a URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL, the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.
784 CVE-2020-9412 20 Exec Code 2020-06-09 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.
785 CVE-2020-9411 862 2020-06-09 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.
786 CVE-2020-9332 269 2020-06-17 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.
787 CVE-2020-9296 74 2020-06-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
788 CVE-2020-9292 428 +Priv 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path.
789 CVE-2020-9291 668 +Priv 2020-06-01 2021-04-20
4.6
None Local Low Not required Partial Partial Partial
An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack.
790 CVE-2020-9289 798 2020-06-16 2020-07-24
5.0
None Remote Low Not required Partial None None
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
791 CVE-2020-9288 79 XSS 2020-06-22 2020-06-26
3.5
None Remote Medium ??? None Partial None
An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile.
792 CVE-2020-9225 269 2020-06-18 2020-06-22
4.6
None Local Low Not required Partial Partial Partial
FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. A successful exploit could allow a certain user to perform certain operations beyond their privilege.
793 CVE-2020-9099 287 2020-06-08 2020-06-11
7.5
None Remote Low Not required Partial Partial Partial
Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10; V500R002C20; V500R002C30 have an improper authentication vulnerability. Attackers need to perform some operations to exploit the vulnerability. Successful exploit may obtain certain permissions on the device.
794 CVE-2020-9076 287 2020-06-15 2020-06-20
4.0
None Remote High Not required Partial Partial None
HUAWEI P30; HUAWEI P30 Pro; Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Because the identity of the message sender is not properly verified, an attacker can exploit this vulnerability through a man-in-the-middle attack to induce the user to access a malicious URL.
795 CVE-2020-9075 200 +Info 2020-06-15 2021-07-21
4.0
None Remote Low ??? Partial None None
Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.
796 CVE-2020-9074 755 2020-06-05 2020-06-10
5.0
None Remote Low Not required None None Partial
Huawei smartphones HONOR 20 PRO; Honor View 20; HONOR 20 have an improper handling of exceptional condition vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending a malformed message. This could compromise normal service of affected phones.
797 CVE-2020-9071 125 2020-06-01 2020-06-03
4.0
None Remote Low ??? None None Partial
There is a few-bytes out-of-bounds read vulnerability in some Huawei products. The software reads data past the end of the intended buffer when parsing certain messages; an authenticated attacker could exploit this vulnerability by sending crafted messages to the device. A successful exploit may cause abnormal service in specific scenarios. Affected product versions include: AR120-S versions V200R007C00SPC900, V200R007C00SPCa00
798 CVE-2020-9047 347 Exec Code 2020-06-26 2021-05-26
9.0
None Remote Low ??? Complete Complete Complete
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentially download and run a malicious executable that could allow OS command injection on the system.
799 CVE-2020-9042 352 CSRF 2020-06-08 2020-06-11
6.8
None Remote Medium Not required Partial Partial Partial
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
800 CVE-2020-9041 404 2020-06-08 2020-06-11
5.0
None Remote Low Not required None None Partial
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections.
Total number of vulnerabilities: 1786 (page 16 of 36)