CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In June 2020

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2020-13836 22 Dir. Trav. 2020-06-04 2020-06-07
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).
302 CVE-2020-13835 522 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020).
303 CVE-2020-13834 863 2020-06-04 2020-06-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020).
304 CVE-2020-13833 59 2020-06-04 2020-06-07
6.4
None Remote Low Not required None Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020).
305 CVE-2020-13832 119 Exec Code Overflow 2020-06-04 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure. The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).
306 CVE-2020-13831 119 Overflow 2020-06-04 2020-06-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).
307 CVE-2020-13830 200 +Info 2020-06-04 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020).
308 CVE-2020-13829 2020-06-04 2020-06-07
5.0
None Remote Low Not required None Partial None
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020).
309 CVE-2020-13827 79 XSS 2020-06-04 2020-08-27
4.3
None Remote Medium Not required None Partial None
phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php.
310 CVE-2020-13822 190 Overflow 2020-06-04 2020-07-02
6.8
None Remote Medium Not required Partial Partial Partial
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
311 CVE-2020-13818 22 Dir. Trav. Bypass 2020-06-04 2021-06-22
5.0
None Remote Low Not required Partial None None
In Zoho ManageEngine OpManager before 125144, when <cachestart> is used, directory traversal validation can be bypassed.
312 CVE-2020-13817 20 DoS 2020-06-04 2021-07-21
5.8
None Remote Medium Not required None Partial Partial
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
313 CVE-2020-13815 400 2020-06-04 2020-06-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
314 CVE-2020-13814 416 2020-06-04 2020-06-09
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary.
315 CVE-2020-13813 426 +Priv 2020-06-04 2020-06-10
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used.
316 CVE-2020-13812 426 +Priv 2020-06-04 2020-06-10
4.4
None Local Medium Not required Partial Partial Partial
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory.
317 CVE-2020-13811 787 2020-06-04 2020-06-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.
318 CVE-2020-13810 347 Bypass 2020-06-04 2020-06-09
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows signature validation bypass via a modified file or a file with non-standard signatures.
319 CVE-2020-13809 400 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
320 CVE-2020-13808 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via crafted cross-reference stream data.
321 CVE-2020-13807 835 2020-06-04 2020-06-04
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop.
322 CVE-2020-13806 400 2020-06-04 2021-07-21
5.0
None Remote Low Not required None None Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation.
323 CVE-2020-13805 307 2020-06-04 2020-06-04
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has brute-force attack mishandling because the CAS service lacks a limit on login failures.
324 CVE-2020-13804 798 2020-06-04 2020-06-04
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin.
325 CVE-2020-13803 347 Bypass 2020-06-04 2020-06-05
5.0
None Remote Low Not required Partial None None
An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for Mac before 4.0. It allows signature validation bypass via a modified file or a file with non-standard signatures.
326 CVE-2020-13800 835 2020-06-04 2021-07-21
4.9
None Local Low Not required None None Complete
ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to trigger infinite recursion via a crafted mm_index value during an ati_mm_read or ati_mm_write call.
327 CVE-2020-13798 79 XSS 2020-06-03 2020-06-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php.
328 CVE-2020-13797 79 XSS 2020-06-03 2020-06-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php.
329 CVE-2020-13796 79 XSS 2020-06-03 2020-06-04
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php.
330 CVE-2020-13795 22 Dir. Trav. 2020-06-03 2020-06-04
5.0
None Remote Low Not required Partial None None
An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings.
331 CVE-2020-13792 22 Dir. Trav. File Inclusion 2020-06-03 2020-06-04
4.0
None Remote Low ??? Partial None None
PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion.
332 CVE-2020-13791 125 2020-06-04 2020-12-14
2.1
None Local Low Not required None None Partial
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
333 CVE-2020-13790 125 2020-06-03 2020-10-20
5.8
None Remote Medium Not required Partial None Partial
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
334 CVE-2020-13787 319 2020-06-03 2021-12-13
5.0
None Remote Low Not required Partial None None
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information.
335 CVE-2020-13786 352 CSRF 2020-06-03 2020-06-17
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
336 CVE-2020-13785 326 2020-06-03 2020-06-17
5.0
None Remote Low Not required Partial None None
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
337 CVE-2020-13784 335 2020-06-03 2021-12-13
5.0
None Remote Low Not required Partial None None
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
338 CVE-2020-13783 312 2020-06-03 2021-12-13
5.0
None Remote Low Not required Partial None None
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
339 CVE-2020-13782 78 2020-06-03 2020-06-17
7.5
None Remote Low Not required Partial Partial Partial
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
340 CVE-2020-13777 327 Bypass 2020-06-04 2020-06-19
5.8
None Remote Medium Not required Partial Partial None
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
341 CVE-2020-13776 20 2020-06-03 2020-07-30
6.2
None Local High Not required Complete Complete Complete
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
342 CVE-2020-13775 476 2020-06-02 2020-07-03
3.5
None Remote Medium ??? None None Partial
ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.
343 CVE-2020-13768 787 Exec Code Overflow 2020-06-04 2020-06-10
7.5
None Remote Low Not required Partial Partial Partial
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
344 CVE-2020-13765 787 2020-06-04 2021-01-04
6.8
None Remote Medium Not required Partial Partial Partial
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
345 CVE-2020-13764 200 +Info 2020-06-02 2020-06-03
5.0
None Remote Low Not required Partial None None
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
346 CVE-2020-13763 281 2020-06-02 2020-10-19
5.0
None Remote Low Not required None Partial None
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
347 CVE-2020-13762 79 XSS 2020-06-02 2020-06-03
4.3
None Remote Medium Not required None Partial None
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.
348 CVE-2020-13761 79 XSS 2020-06-02 2020-10-19
4.3
None Remote Medium Not required None Partial None
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
349 CVE-2020-13760 352 CSRF 2020-06-02 2020-10-19
6.8
None Remote Medium Not required Partial Partial Partial
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
350 CVE-2020-13759 119 DoS Overflow 2020-06-02 2021-07-21
5.0
None Remote Low Not required None None Partial
rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl).
Total number of vulnerabilities: 1786 (this is page 7 of 36)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.