CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2020-0159 125 2020-06-11 2020-06-11
3.5
None Remote Medium ??? Partial None None
In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035
1452 CVE-2020-0158 125 2020-06-11 2020-06-11
2.1
None Local Low Not required Partial None None
In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141547128
1453 CVE-2020-0157 125 2020-06-11 2020-06-12
4.0
None Remote Low ??? Partial None None
In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814
1454 CVE-2020-0156 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736127
1455 CVE-2020-0155 787 2020-06-11 2020-06-11
4.6
None Local Low Not required Partial Partial Partial
In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139736386
1456 CVE-2020-0154 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141550919
1457 CVE-2020-0153 787 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139733543
1458 CVE-2020-0152 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145992159
1459 CVE-2020-0151 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible out of bounds read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-133164384
1460 CVE-2020-0150 787 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142280329
1461 CVE-2020-0149 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544089
1462 CVE-2020-0148 125 Exec Code 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and btu_hcif_link_key_notification_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638492
1463 CVE-2020-0147 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142638392
1464 CVE-2020-0146 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142546561
1465 CVE-2020-0145 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btm_simple_pair_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544079
1466 CVE-2020-0144 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142543497
1467 CVE-2020-0143 125 2020-06-11 2020-06-12
2.1
None Local Low Not required Partial None None
In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145597277
1468 CVE-2020-0142 200 +Info 2020-06-11 2021-07-21
5.0
None Remote Low Not required Partial None None
In rw_i93_sm_format of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146435761
1469 CVE-2020-0141 200 Exec Code +Info 2020-06-11 2021-07-21
2.1
None Remote High ??? Partial None None
In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possible heap disclosure due to a race condition. This could lead to remote information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142544793
1470 CVE-2020-0140 200 +Info 2020-06-11 2021-07-21
5.0
None Remote Low Not required Partial None None
In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information disclosure due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146053215
1471 CVE-2020-0139 190 Overflow 2020-06-11 2021-07-21
2.1
None Local Low Not required Partial None None
In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. System execution privileges are needed and user interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145520471
1472 CVE-2020-0138 787 Exec Code 2020-06-11 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
In get_element_attr_rsp of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if bluetoothtbd were used, which it isn't in typical Android platforms, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-142878416
1473 CVE-2020-0137 276 Bypass 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In setIPv6AddrGenMode of NetworkManagementService.java, there is a possible bypass of networking permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141920289
1474 CVE-2020-0136 190 Overflow 2020-06-11 2021-07-21
4.6
None Local Low Not required Partial Partial Partial
In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-120078455
1475 CVE-2020-0135 276 2020-06-11 2021-07-21
2.1
None Local Low Not required Partial None None
In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150949837
1476 CVE-2020-0134 200 +Info 2020-06-11 2021-07-21
2.1
None Local Low Not required Partial None None
In BnDrm::onTransact of IDrm.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146052771
1477 CVE-2020-0133 276 Bypass 2020-06-11 2020-06-17
4.4
None Local Medium Not required Partial Partial Partial
In MockLocationAppPreferenceController.java, it is possible to mock the GPS location of the device due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145136060
1478 CVE-2020-0132 502 2020-06-11 2021-07-21
2.1
None Local Low Not required Partial None None
In BnAAudioService::onTransact of IAAudioService.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139473816
1479 CVE-2020-0131 787 Exec Code 2020-06-11 2020-06-15
6.8
None Remote Medium Not required Partial Partial Partial
In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151159638
1480 CVE-2020-0129 787 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123292010
1481 CVE-2020-0128 190 Overflow 2020-06-11 2021-07-21
5.0
None Remote Low Not required Partial None None
In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-123940919
1482 CVE-2020-0127 125 Exec Code 2020-06-11 2020-06-15
4.3
None Remote Medium Not required Partial None None
In AudioStream::decode of AudioGroup.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the phone process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140054506
1483 CVE-2020-0126 416 Exec Code 2020-06-11 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930
1484 CVE-2020-0124 787 2020-06-11 2020-06-12
4.6
None Local Low Not required Partial Partial Partial
In markBootComplete of InstalldNativeService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140237592
1485 CVE-2020-0121 276 Bypass 2020-06-10 2021-07-21
2.1
None Local Low Not required Partial None None
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148180766
1486 CVE-2020-0119 295 2020-06-10 2020-06-15
5.4
None Remote High Not required Complete None None
In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247
1487 CVE-2020-0118 787 2020-06-10 2021-07-21
6.9
None Local Medium Not required Complete Complete Complete
In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150904694
1488 CVE-2020-0117 190 Exec Code Overflow 2020-06-10 2021-07-21
10.0
None Remote Low Not required Complete Complete Complete
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-151155194
1489 CVE-2020-0116 276 Bypass 2020-06-10 2021-07-21
4.9
None Local Low Not required Complete None None
In checkSystemLocationAccess of LocationAccessPolicy.java, there is a possible bypass of user profile isolation due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-151330809
1490 CVE-2020-0115 269 Bypass 2020-06-10 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-150038428
1491 CVE-2020-0114 269 2020-06-10 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
In onCreateSliceProvider of KeyguardSliceProvider.java, there is a possible confused deputy due to a PendingIntent error. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147606347
1492 CVE-2020-0113 416 2020-06-10 2021-07-21
4.9
None Local Low Not required Complete None None
In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-150944913
1493 CVE-2019-20893 120 Exec Code Overflow 2020-06-30 2020-07-09
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine.
1494 CVE-2019-20892 415 2020-06-25 2021-01-20
4.0
None Remote Low ??? None None Partial
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
1495 CVE-2019-20891 352 XSS CSRF 2020-06-19 2020-06-25
6.8
None Remote Medium Not required Partial Partial Partial
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
1496 CVE-2019-20890 200 Bypass +Info 2020-06-19 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.
1497 CVE-2019-20889 276 2020-06-19 2020-06-23
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.
1498 CVE-2019-20888 401 DoS 2020-06-19 2020-06-20
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.
1499 CVE-2019-20887 732 2020-06-19 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.
1500 CVE-2019-20886 269 2020-06-19 2020-06-23
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.
Total number of vulnerabilities : 1786   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 (This Page)31 32 33 34 35 36
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.