CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2020-1178 269 2020-06-09 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka 'Microsoft SharePoint Server Elevation of Privilege Vulnerability'.
1352 CVE-2020-1177 79 XSS 2020-06-09 2020-06-12
3.5
None Remote Medium ??? None Partial None
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298, CVE-2020-1318, CVE-2020-1320.
1353 CVE-2020-1170 269 2020-06-09 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
1354 CVE-2020-1163 269 2020-06-09 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170.
1355 CVE-2020-1162 269 2020-06-09 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege (user to user) vulnerability exists in Windows Security Health Service when handling certain objects in memory.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1324.
1356 CVE-2020-1160 200 +Info 2020-06-09 2021-07-21
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.
1357 CVE-2020-1148 79 XSS 2020-06-09 2020-06-12
3.5
None Remote Medium ??? None Partial None
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1289.
1358 CVE-2020-1120 20 DoS 2020-06-09 2021-07-21
4.9
None Local Low Not required None None Complete
A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1244.
1359 CVE-2020-1073 119 Exec Code Overflow Mem. Corr. 2020-06-09 2021-07-21
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.
1360 CVE-2020-0986 269 2020-06-09 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.
1361 CVE-2020-0916 269 2020-06-09 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915.
1362 CVE-2020-0915 269 2020-06-09 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0916.
1363 CVE-2020-0597 125 DoS 2020-06-15 2021-03-18
5.0
None Remote Low Not required None None Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
1364 CVE-2020-0596 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
1365 CVE-2020-0595 416 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
1366 CVE-2020-0594 125 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
1367 CVE-2020-0586 665 DoS 2020-06-15 2020-07-22
4.6
None Local Low Not required Partial Partial Partial
Improper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
1368 CVE-2020-0566 269 2020-06-15 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
1369 CVE-2020-0545 190 DoS Overflow 2020-06-15 2020-07-22
2.1
None Local Low Not required None None Partial
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.
1370 CVE-2020-0543 200 +Info 2020-06-15 2021-07-21
2.1
None Local Low Not required Partial None None
Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
1371 CVE-2020-0542 119 DoS Overflow 2020-06-15 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.
1372 CVE-2020-0541 787 2020-06-15 2020-07-22
4.6
None Local Low Not required Partial Partial Partial
Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.
1373 CVE-2020-0540 522 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
1374 CVE-2020-0539 22 DoS Dir. Trav. 2020-06-15 2020-07-22
2.1
None Local Low Not required None None Partial
Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.
1375 CVE-2020-0538 20 DoS 2020-06-15 2020-07-22
5.0
None Remote Low Not required None None Partial
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.
1376 CVE-2020-0537 20 DoS 2020-06-15 2020-07-22
4.0
None Remote Low ??? None None Partial
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.
1377 CVE-2020-0536 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.
1378 CVE-2020-0535 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
1379 CVE-2020-0534 20 DoS 2020-06-15 2020-07-22
5.0
None Remote Low Not required None None Partial
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.
1380 CVE-2020-0533 916 DoS 2020-06-15 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
1381 CVE-2020-0532 20 DoS 2020-06-15 2020-07-22
4.8
None Local Network Low Not required Partial None Partial
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
1382 CVE-2020-0531 20 2020-06-15 2020-07-22
4.0
None Remote Low ??? Partial None None
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.
1383 CVE-2020-0529 665 2020-06-15 2020-06-30
4.6
None Local Low Not required Partial Partial Partial
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.
1384 CVE-2020-0528 119 DoS Overflow 2020-06-15 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
1385 CVE-2020-0527 200 +Info 2020-06-15 2021-07-21
2.1
None Local Low Not required Partial None None
Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.
1386 CVE-2020-0235 119 Overflow 2020-06-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVersions: Android kernelAndroid ID: A-135129430
1387 CVE-2020-0234 787 2020-06-16 2020-06-22
4.6
None Local Low Not required Partial Partial Partial
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148189280
1388 CVE-2020-0233 416 Mem. Corr. 2020-06-11 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In main of main.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150225255
1389 CVE-2020-0232 416 2020-06-16 2020-06-22
7.5
None Remote Low Not required Partial Partial Partial
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-151453714
1390 CVE-2020-0223 269 2020-06-16 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-135130450
1391 CVE-2020-0219 269 2020-06-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In onCreate of SliceDeepLinkSpringBoard.java there is a possible insecure Intent. This could lead to local elevation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-122836081
1392 CVE-2020-0218 787 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In loadSoundModel and related functions of SoundTriggerHwService.cpp, there is possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-136005905
1393 CVE-2020-0217 787 Exec Code 2020-06-11 2020-06-12
7.5
None Remote Low Not required Partial Partial Partial
In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141331405
1394 CVE-2020-0216 190 Overflow 2020-06-11 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-126204073
1395 CVE-2020-0215 276 Bypass +Info 2020-06-11 2020-10-14
4.4
None Local Medium Not required Partial Partial Partial
In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248
1396 CVE-2020-0214 125 2020-06-11 2020-06-12
5.0
None Remote Low Not required Partial None None
In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140292264
1397 CVE-2020-0213 787 Overflow 2020-06-11 2020-10-14
6.8
None Remote Medium Not required Partial Partial Partial
In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-143464314
1398 CVE-2020-0212 416 2020-06-11 2021-07-21
4.3
None Remote Medium Not required Partial None None
In _onBufferDestroyed of InputBufferManager.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-135140854
1399 CVE-2020-0211 125 2020-06-11 2020-06-15
4.3
None Remote Medium Not required Partial None None
In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147491773
1400 CVE-2020-0210 610 Bypass 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206763
Total number of vulnerabilities : 1786   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (This Page)29 30 31 32 33 34 35 36
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.