CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1751 CVE-2016-11080 732 2020-06-19 2020-06-25
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
1752 CVE-2016-11079 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
1753 CVE-2016-11078 200 +Info 2020-06-19 2020-06-25
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
1754 CVE-2016-11077 732 2020-06-19 2020-06-25
4.0
None Remote Low ??? None Partial None
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
1755 CVE-2016-11076 295 2020-06-19 2020-06-23
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
1756 CVE-2016-11075 200 +Info 2020-06-19 2020-06-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
1757 CVE-2016-11074 287 2020-06-19 2020-06-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
1758 CVE-2016-11073 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
1759 CVE-2016-11072 287 2020-06-19 2020-06-26
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
1760 CVE-2016-11071 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
1761 CVE-2016-11070 79 XSS 2020-06-19 2020-06-25
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
1762 CVE-2016-11069 521 2020-06-19 2020-06-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
1763 CVE-2016-11068 74 2020-06-19 2020-06-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
1764 CVE-2016-11067 20 2020-06-19 2020-06-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
1765 CVE-2016-11066 200 +Info 2020-06-19 2020-06-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
1766 CVE-2016-11065 732 2020-06-19 2020-06-26
4.0
None Remote Low ??? None Partial None
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
1767 CVE-2016-11064 94 Exec Code 2020-06-19 2020-06-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
1768 CVE-2016-11063 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
1769 CVE-2016-11062 732 Bypass 2020-06-19 2020-06-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
1770 CVE-2015-9548 400 DoS 2020-06-19 2020-06-25
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
1771 CVE-2014-9702 522 +Info 2020-06-01 2020-06-04
5.0
None Remote Low Not required Partial None None
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.
1772 CVE-2014-8945 78 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
1773 CVE-2014-8944 79 XSS 2020-06-01 2020-06-02
3.5
None Remote Medium ??? None Partial None
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
1774 CVE-2014-8943 918 2020-06-01 2020-06-02
6.5
None Remote Low ??? Partial Partial Partial
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
1775 CVE-2014-8942 352 CSRF 2020-06-01 2020-06-02
6.8
None Remote Medium Not required Partial Partial Partial
Lexiglot through 2014-11-20 allows CSRF.
1776 CVE-2014-8941 89 Sql 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
1777 CVE-2014-8940 200 +Info 2020-06-01 2020-06-02
5.0
None Remote Low Not required Partial None None
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
1778 CVE-2014-8939 22 Dir. Trav. +Info 2020-06-01 2020-06-02
4.3
None Remote Medium Not required Partial None None
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
1779 CVE-2014-8938 522 +Info 2020-06-01 2020-06-02
2.1
None Local Low Not required Partial None None
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
1780 CVE-2014-8937 400 DoS 2020-06-01 2020-06-02
5.0
None Remote Low Not required None None Partial
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
1781 CVE-2014-7175 787 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
1782 CVE-2014-7174 22 Dir. Trav. 2020-06-01 2020-06-02
5.0
None Remote Low Not required Partial None None
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
1783 CVE-2014-7173 78 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
1784 CVE-2013-7489 502 Exec Code 2020-06-26 2020-07-06
5.2
None Local Network Low ??? Partial Partial Partial
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.
1785 CVE-2011-2863 200 +Info 2020-06-03 2020-06-04
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
1786 CVE-2011-1805 704 2020-06-03 2020-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Total number of vulnerabilities: 1786 (page 36 of 36)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.