CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1501 CVE-2019-20885 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.
1502 CVE-2019-20884 732 2020-06-19 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.
1503 CVE-2019-20883 732 2020-06-19 2021-07-21
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
1504 CVE-2019-20882 276 2020-06-19 2020-06-23
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.
1505 CVE-2019-20881 522 2020-06-19 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
1506 CVE-2019-20880 400 DoS 2020-06-19 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
1507 CVE-2019-20879 732 2020-06-19 2021-07-21
4.0
None Remote Low ??? None Partial None
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
1508 CVE-2019-20878 200 +Info 2020-06-19 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
1509 CVE-2019-20877 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.
1510 CVE-2019-20876 732 Bypass 2020-06-19 2021-07-21
5.5
None Remote Low ??? None Partial Partial
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.
1511 CVE-2019-20875 732 2020-06-19 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
1512 CVE-2019-20874 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
1513 CVE-2019-20873 200 +Info 2020-06-19 2021-07-21
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
1514 CVE-2019-20872 918 2020-06-19 2020-06-23
2.1
None Local Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.
1515 CVE-2019-20871 2020-06-19 2020-06-23
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.
1516 CVE-2019-20870 20 Bypass 2020-06-19 2020-06-23
4.0
None Remote Low ??? None Partial None
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.
1517 CVE-2019-20869 732 2020-06-19 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.
1518 CVE-2019-20868 20 2020-06-19 2020-06-23
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.
1519 CVE-2019-20867 20 2020-06-19 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.
1520 CVE-2019-20866 444 +Info 2020-06-19 2020-06-29
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.
1521 CVE-2019-20865 352 CSRF 2020-06-19 2020-06-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.
1522 CVE-2019-20864 863 2020-06-19 2021-07-21
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account.
1523 CVE-2019-20863 2020-06-19 2020-06-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.
1524 CVE-2019-20862 2020-06-19 2020-06-23
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.
1525 CVE-2019-20861 Exec Code 2020-06-19 2020-06-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.
1526 CVE-2019-20860 DoS 2020-06-19 2020-06-29
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.
1527 CVE-2019-20859 269 Bypass 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
1528 CVE-2019-20858 400 DoS 2020-06-19 2020-06-23
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.
1529 CVE-2019-20857 DoS 2020-06-19 2020-06-23
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.
1530 CVE-2019-20856 427 2020-06-19 2021-09-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
1531 CVE-2019-20855 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
1532 CVE-2019-20854 DoS 2020-06-19 2020-06-23
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.
1533 CVE-2019-20853 668 Exec Code 2020-06-19 2020-06-30
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem.
1534 CVE-2019-20852 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content).
1535 CVE-2019-20851 22 Dir. Trav. 2020-06-19 2020-10-27
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.
1536 CVE-2019-20850 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
1537 CVE-2019-20849 200 +Info 2020-06-19 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
1538 CVE-2019-20848 20 2020-06-19 2020-06-29
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.
1539 CVE-2019-20847 2020-06-19 2020-06-25
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.
1540 CVE-2019-20846 281 2020-06-19 2020-06-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.
1541 CVE-2019-20845 400 DoS 2020-06-19 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
1542 CVE-2019-20844 924 2020-06-19 2020-06-19
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.
1543 CVE-2019-20843 281 2020-06-19 2020-06-19
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.
1544 CVE-2019-20842 89 Sql 2020-06-19 2020-06-19
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.
1545 CVE-2019-20841 352 CSRF 2020-06-19 2021-04-12
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.
1546 CVE-2019-20840 787 2020-06-17 2021-12-14
5.0
None Remote Low Not required None None Partial
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
1547 CVE-2019-20839 120 Overflow 2020-06-17 2021-12-14
5.0
None Remote Low Not required None None Partial
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
1548 CVE-2019-20838 125 2020-06-15 2021-09-22
4.3
None Remote Medium Not required None None Partial
libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.
1549 CVE-2019-20837 347 Bypass 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It allows signature validation bypass via a modified file or a file with non-standard signatures.
1550 CVE-2019-20836 200 +Info 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has mishandling of cloud credentials, as demonstrated by Google Drive.
Total number of vulnerabilities: 1786. Page 31 of 36.