CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1551 CVE-2019-20835 2020-06-04 2020-06-05
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.
1552 CVE-2019-20834 347 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows signature validation bypass via a modified file or a file with non-standard signatures.
1553 CVE-2019-20833 522 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
1554 CVE-2019-20832 2020-06-04 2020-06-09
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homograph mishandling.
1555 CVE-2019-20831 2020-06-04 2020-06-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.5.0.20733. It has void data mishandling, causing a crash.
1556 CVE-2019-20830 787 2020-06-04 2020-06-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.
1557 CVE-2019-20829 476 2020-06-04 2020-06-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
1558 CVE-2019-20828 120 Overflow 2020-06-04 2020-06-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
1559 CVE-2019-20827 787 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It allows stack consumption because of interaction between ICC-Based color space and Alternate color space.
1560 CVE-2019-20826 476 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader for Mac before 3.3. It has a NULL pointer dereference.
1561 CVE-2019-20825 787 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.
1562 CVE-2019-20824 476 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NULL pointer dereference via FXSYS_wcslen in an Epub file.
1563 CVE-2019-20823 120 Overflow 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.
1564 CVE-2019-20822 787 2020-06-04 2020-06-10
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the 3D Plugin Beta for Foxit Reader and PhantomPDF before 9.7.0.29430. It has an out-of-bounds write via incorrect image data.
1565 CVE-2019-20821 476 2020-06-04 2020-06-08
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a NULL pointer dereference.
1566 CVE-2019-20820 476 2020-06-04 2021-02-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference during the parsing of file data.
1567 CVE-2019-20819 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing.
1568 CVE-2019-20818 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level.
1569 CVE-2019-20817 476 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It has a NULL pointer dereference.
1570 CVE-2019-20816 476 2020-06-04 2021-02-03
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference during the parsing of file data.
1571 CVE-2019-20815 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing.
1572 CVE-2019-20814 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows memory consumption because data is created for each page of an application level.
1573 CVE-2019-20813 476 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NULL pointer dereference.
1574 CVE-2019-20812 400 DoS 2020-06-03 2021-06-14
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.
1575 CVE-2019-20811 2020-06-03 2020-09-23
2.1
None Local Low Not required None Partial None
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
1576 CVE-2019-20810 772 2020-06-03 2021-07-21
4.9
None Local Low Not required None None Complete
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
1577 CVE-2019-20809 20 2020-06-03 2021-07-21
5.0
None Remote Low Not required None Partial None
The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings.
1578 CVE-2019-20805 190 Overflow 2020-06-01 2020-06-02
4.3
None Remote Medium Not required None None Partial
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
1579 CVE-2019-20416 79 XSS 2020-06-30 2020-07-07
3.5
None Remote Medium ??? None Partial None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.
1580 CVE-2019-20415 352 CSRF 2020-06-30 2020-07-08
4.3
None Remote Medium Not required None Partial None
Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.
1581 CVE-2019-20414 79 XSS 2020-06-29 2020-07-07
3.5
None Remote Medium ??? None Partial None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
1582 CVE-2019-20413 20 DoS 2020-06-29 2021-07-21
5.0
None Remote Low Not required None None Partial
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
1583 CVE-2019-20412 287 2020-06-29 2020-07-08
5.0
None Remote Low Not required Partial None None
The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allows remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
1584 CVE-2019-20411 352 CSRF 2020-06-29 2020-07-07
4.3
None Remote Medium Not required None Partial None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
1585 CVE-2019-20410 200 +Info 2020-06-29 2021-07-21
4.0
None Remote Low ??? Partial None None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.
1586 CVE-2019-20409 74 Exec Code 2020-06-23 2020-07-06
7.5
None Remote Low Not required Partial Partial Partial
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
1587 CVE-2019-19506 835 DoS 2020-06-25 2020-07-08
7.8
None Remote Low Not required None None Complete
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot.
1588 CVE-2019-19505 787 Exec Code Overflow 2020-06-25 2020-07-08
9.0
None Remote Low ??? Complete Complete Complete
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
1589 CVE-2019-19412 Bypass 2020-06-08 2020-07-08
2.1
None Local Low Not required None Partial None
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can log in to the Talkback mode and perform some operations to install a third-party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en.
1590 CVE-2019-19163 Exec Code 2020-06-30 2021-11-03
5.8
None Local Network Low Not required Partial Partial Partial
A vulnerability in the firmware of COMMAX WallPad (CDP-1020MB) allows an unauthenticated adjacent attacker to execute arbitrary code, because it uses an old version of MySQL.
1591 CVE-2019-19161 426 2020-06-30 2020-07-07
6.5
None Remote Low ??? Partial Partial Partial
CyMiInstaller322 ActiveX, which runs MIPLATFORM, downloads files required to run applications. A vulnerability in the downloading of files by CyMiInstaller322 ActiveX allows an attacker to cause randomly generated DLL files to be downloaded and MIPLATFORM to load those DLLs, due to insufficient verification.
1592 CVE-2019-19160 345 Exec Code 2020-06-29 2020-07-07
6.5
None Remote Low ??? Partial Partial Partial
Reportexpress ProPlus contains a vulnerability that could allow arbitrary code execution by inserting VBScript into the configure file (rxp).
1593 CVE-2019-19112 79 XSS 2020-06-15 2020-06-15
4.3
None Remote Medium Not required None Partial None
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.
1594 CVE-2019-19111 79 XSS 2020-06-15 2020-06-15
4.3
None Remote Medium Not required None Partial None
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.
1595 CVE-2019-19110 79 XSS 2020-06-15 2020-06-15
3.5
None Remote Medium ??? None Partial None
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.
1596 CVE-2019-19109 352 CSRF 2020-06-15 2020-06-16
6.8
None Remote Medium Not required Partial Partial Partial
The wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.
1597 CVE-2019-18614 787 Overflow 2020-06-16 2020-06-24
4.6
None Local Low Not required Partial Partial Partial
On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation boards). To trigger the overflow, an attacker can send packets either over the air or as an unprivileged local user. Over the air, the minimal PoC is sending "l2ping -s 600" to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384.
1598 CVE-2019-18256 522 2020-06-29 2021-10-29
2.1
None Local Low Not required Partial None None
BIOTRONIK CardioMessenger II: the affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.
1599 CVE-2019-18254 312 2020-06-29 2021-10-29
2.1
None Local Low Not required Partial None None
BIOTRONIK CardioMessenger II: the affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
1600 CVE-2019-18252 287 2020-06-29 2021-04-06
3.3
None Local Network Low Not required Partial None None
BIOTRONIK CardioMessenger II: the affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.
Total number of vulnerabilities: 1786 (page 32 of 36)