Security Vulnerabilities Published In June 2020

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1651 | CVE-2018-21264 | 20 | | | 2020-06-19 | 2020-06-30 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. |
| 1652 | CVE-2018-21263 | 287 | | | 2020-06-19 | 2020-06-25 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. |
| 1653 | CVE-2018-21262 | 20 | | DoS | 2020-06-19 | 2020-06-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. |
| 1654 | CVE-2018-21261 | 732 | | | 2020-06-19 | 2020-06-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. |
| 1655 | CVE-2018-21260 | 200 | | +Info | 2020-06-19 | 2020-06-25 | 4.0 | None | Remote | Low | ??? | Partial | None | None | An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy. |
| 1656 | CVE-2018-21259 | 20 | | DoS | 2020-06-19 | 2020-06-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. |
| 1657 | CVE-2018-21258 | 74 | | DoS | 2020-06-19 | 2020-06-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. |
| 1658 | CVE-2018-21257 | 862 | | Bypass | 2020-06-19 | 2020-06-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API. |
| 1659 | CVE-2018-21256 | 732 | | Bypass | 2020-06-19 | 2020-06-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command. |
| 1660 | CVE-2018-21255 | 732 | | | 2020-06-19 | 2020-06-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel. |
| 1661 | CVE-2018-21254 | 732 | | Bypass | 2020-06-19 | 2020-06-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command. |
| 1662 | CVE-2018-21253 | 732 | | | 2020-06-19 | 2020-06-26 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. |
| 1663 | CVE-2018-21252 | 732 | | Bypass | 2020-06-19 | 2020-06-30 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups. |
| 1664 | CVE-2018-21251 | 862 | | Bypass | 2020-06-19 | 2020-06-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. |
| 1665 | CVE-2018-21250 | 400 | | DoS | 2020-06-19 | 2020-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. |
| 1666 | CVE-2018-21249 | | | | 2020-06-19 | 2020-06-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. |
| 1667 | CVE-2018-21248 | 522 | | | 2020-06-19 | 2020-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. |
| 1668 | CVE-2018-21247 | 200 | | +Info | 2020-06-17 | 2021-12-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. |
| 1669 | CVE-2018-21246 | 287 | | Bypass | 2020-06-15 | 2020-06-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. |
| 1670 | CVE-2018-21245 | 444 | | | 2020-06-15 | 2020-06-22 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. |
| 1671 | CVE-2018-21244 | 434 | | | 2020-06-04 | 2020-06-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. |
| 1672 | CVE-2018-21243 | 434 | | | 2020-06-04 | 2020-06-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. |
| 1673 | CVE-2018-21242 | 200 | | Exec Code +Info | 2020-06-04 | 2020-06-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. |
| 1674 | CVE-2018-21241 | 426 | | Exec Code | 2020-06-04 | 2020-06-09 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. |
| 1675 | CVE-2018-21240 | 400 | | | 2020-06-04 | 2020-06-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
| 1676 | CVE-2018-21239 | 522 | | | 2020-06-04 | 2020-06-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. |
| 1677 | CVE-2018-21238 | 400 | | | 2020-06-04 | 2020-06-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
| 1678 | CVE-2018-21237 | 522 | | | 2020-06-04 | 2020-06-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. |
| 1679 | CVE-2018-21236 | 476 | | | 2020-06-04 | 2020-06-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. |
| 1680 | CVE-2018-21235 | 287 | | Bypass | 2020-06-04 | 2020-06-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. |
| 1681 | CVE-2018-18625 | 79 | | XSS | 2020-06-02 | 2020-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. |
| 1682 | CVE-2018-18624 | 79 | | XSS | 2020-06-02 | 2020-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. |
| 1683 | CVE-2018-18623 | 79 | | XSS | 2020-06-02 | 2020-06-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. |
| 1684 | CVE-2018-16848 | 400 | | DoS | 2020-06-15 | 2020-06-17 | 4.0 | None | Remote | Low | ??? | None | None | Partial | A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. |
| 1685 | CVE-2018-6446 | 798 | | | 2020-06-29 | 2020-07-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. |
| 1686 | CVE-2017-18922 | 787 | | Overflow | 2020-06-30 | 2021-12-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. |
| 1687 | CVE-2017-18921 | 79 | | XSS | 2020-06-19 | 2020-06-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page. |
| 1688 | CVE-2017-18920 | | | | 2020-06-19 | 2020-06-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. |
| 1689 | CVE-2017-18919 | 287 | | | 2020-06-19 | 2020-06-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation. |
| 1690 | CVE-2017-18918 | 295 | | | 2020-06-19 | 2020-06-23 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. |
| 1691 | CVE-2017-18917 | 916 | | | 2020-06-19 | 2020-06-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens. |
| 1692 | CVE-2017-18916 | 732 | | | 2020-06-19 | 2020-06-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. |
| 1693 | CVE-2017-18915 | 276 | | | 2020-06-19 | 2020-06-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access. |
| 1694 | CVE-2017-18914 | 754 | | | 2020-06-19 | 2020-06-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. |
| 1695 | CVE-2017-18913 | 79 | | XSS | 2020-06-19 | 2020-06-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page. |
| 1696 | CVE-2017-18912 | 22 | | Dir. Trav. | 2020-06-19 | 2020-06-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file. |
| 1697 | CVE-2017-18911 | 295 | | | 2020-06-19 | 2020-06-26 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. |
| 1698 | CVE-2017-18910 | 732 | | | 2020-06-19 | 2020-06-25 | 4.0 | None | Remote | Low | ??? | None | Partial | None | An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. |
| 1699 | CVE-2017-18909 | 295 | | | 2020-06-19 | 2020-06-25 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. |
| 1700 | CVE-2017-18908 | 287 | | | 2020-06-19 | 2020-06-25 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometimes sent to an attacker-provided e-mail address. |
Total number of vulnerabilities: 1786 (this is page 34 of 36)