CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2020-13265 345 Bypass 2020-06-19 2020-06-26
5.0
None Remote Low Not required None Partial None
User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification
402 CVE-2020-13264 200 +Info 2020-06-19 2020-06-26
5.0
None Remote Low Not required Partial None None
Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token
403 CVE-2020-13263 863 2020-06-19 2020-07-01
6.5
None Remote Low ??? Partial Partial Partial
An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.
404 CVE-2020-13262 79 XSS 2020-06-19 2021-07-21
4.3
None Remote Medium Not required None Partial None
Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link
405 CVE-2020-13261 522 2020-06-19 2021-07-21
4.0
None Remote Low ??? Partial None None
Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code
406 CVE-2020-13254 295 2020-06-03 2021-01-20
4.3
None Remote Medium Not required Partial None None
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
407 CVE-2020-13250 119 DoS Overflow 2020-06-11 2021-07-21
5.0
None Remote Low Not required None None Partial
HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.
408 CVE-2020-13248 79 XSS 2020-06-24 2021-02-10
3.5
None Remote Medium ??? None Partial None
BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
409 CVE-2020-13247 74 2020-06-24 2021-07-21
8.5
None Remote Medium ??? Complete Complete Complete
BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.
410 CVE-2020-13238 400 DoS 2020-06-10 2020-06-23
7.8
None Remote Low Not required None None Complete
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
411 CVE-2020-13229 384 2020-06-02 2020-06-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.
412 CVE-2020-13228 79 XSS 2020-06-02 2020-06-15
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Sysax Multi Server 6.90. There is reflected XSS via the /scgi sid parameter.
413 CVE-2020-13227 22 Dir. Trav. Bypass 2020-06-02 2020-06-02
5.0
None Remote Low Not required Partial None None
An issue was discovered in Sysax Multi Server 6.90. An attacker can determine the username (under which the web server is running) by triggering an invalid path permission error. This bypasses the fakepath protection mechanism.
414 CVE-2020-13224 120 Overflow 2020-06-17 2020-06-24
9.0
None Remote Low ??? Complete Complete Complete
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow
415 CVE-2020-13223 200 +Info 2020-06-10 2021-07-21
5.0
None Remote Low Not required Partial None None
HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
416 CVE-2020-13170 20 2020-06-11 2020-06-17
5.0
None Remote Low Not required None Partial None
HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
417 CVE-2020-13162 367 2020-06-16 2020-09-04
6.9
None Local Medium Not required Complete Complete Complete
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.
418 CVE-2020-13160 134 Exec Code 2020-06-09 2021-03-15
7.5
None Remote Low Not required Partial Partial Partial
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
419 CVE-2020-13159 78 2020-06-22 2020-07-01
10.0
None Remote Low Not required Complete Complete Complete
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
420 CVE-2020-13158 22 Dir. Trav. 2020-06-22 2020-07-01
5.0
None Remote Low Not required Partial None None
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
421 CVE-2020-13157 352 CSRF 2020-06-23 2020-06-29
4.3
None Remote Medium Not required None Partial None
modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed.
422 CVE-2020-13156 352 CSRF 2020-06-23 2020-06-29
4.3
None Remote Medium Not required None Partial None
modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI.
423 CVE-2020-13155 352 CSRF 2020-06-23 2020-06-29
6.8
None Remote Medium Not required Partial Partial Partial
clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI.
424 CVE-2020-13150 306 2020-06-15 2021-04-23
4.6
None Local Low Not required Partial Partial Partial
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.
425 CVE-2020-13095 59 Exec Code 2020-06-30 2020-07-08
9.0
None Remote Low ??? Complete Complete Complete
Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.
426 CVE-2020-12887 401 Overflow 2020-06-18 2021-07-21
5.0
None Remote Low Not required None None Partial
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed.
427 CVE-2020-12886 125 2020-06-18 2020-06-25
6.4
None Remote Low Not required Partial None Partial
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur.
428 CVE-2020-12885 835 2020-06-18 2020-06-25
7.8
None Remote Low Not required None None Complete
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.
429 CVE-2020-12884 125 2020-06-18 2020-06-25
6.4
None Remote Low Not required Partial None Partial
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made.
430 CVE-2020-12883 119 Overflow 2020-06-18 2021-07-21
6.4
None Remote Low Not required Partial None Partial
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors.
431 CVE-2020-12867 476 DoS 2020-06-01 2020-11-02
2.1
None Local Low Not required None None Partial
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
432 CVE-2020-12866 476 DoS 2020-06-24 2020-11-02
2.7
None Local Network Low ??? None None Partial
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
433 CVE-2020-12865 787 Exec Code Overflow 2020-06-24 2020-11-02
5.2
None Local Network Low ??? Partial Partial Partial
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
434 CVE-2020-12864 908 2020-06-24 2021-07-21
3.3
None Local Network Low Not required Partial None None
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.
435 CVE-2020-12863 125 2020-06-24 2020-11-02
3.3
None Local Network Low Not required Partial None None
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.
436 CVE-2020-12862 125 2020-06-24 2020-11-02
3.3
None Local Network Low Not required Partial None None
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
437 CVE-2020-12861 787 Exec Code Overflow 2020-06-24 2020-11-02
7.9
None Local Network Medium Not required Complete Complete Complete
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
438 CVE-2020-12853 79 XSS 2020-06-04 2020-06-10
4.3
None Remote Medium Not required None Partial None
Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or create a new file that contains potentially malicious HTML and JavaScript code to personal folders or accessible cells.
439 CVE-2020-12852 20 Exec Code 2020-06-04 2020-06-12
8.5
None Remote Medium ??? Complete Complete Complete
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package. The update process involves downloading the updated binary file from a URL indicated in the update server response, validating its checksum and signature with the provided public key and finally replacing the current application binary. To complete the update process, the application’s service or appliance needs to be restarted. An attacker with administrator access can leverage the software update feature to force the application to download a custom binary that will replace current Pydio Cells binary. When the server or service is eventually restarted the attacker will be able to execute code under the privileges of the user running the application. In the Pydio Cells enterprise appliance this is with the privileges of the user named “pydio”.
440 CVE-2020-12851 200 +Info 2020-06-04 2021-07-21
5.5
None Remote Low ??? Partial Partial None
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders.
441 CVE-2020-12850 269 Exec Code 2020-06-11 2020-06-22
6.9
None Local Medium Not required Complete Complete Complete
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more.
442 CVE-2020-12849 79 XSS 2020-06-05 2020-06-12
3.5
None Remote Medium ??? None Partial None
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles. These profile pictures can later be accessed directly with the generated URL by any unauthenticated or authenticated user.
443 CVE-2020-12848 732 2020-06-05 2021-07-21
5.8
None Remote Medium Not required Partial Partial None
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed.
444 CVE-2020-12847 20 2020-06-04 2021-07-21
6.5
None Remote Low ??? Partial Partial Partial
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary.
445 CVE-2020-12846 434 Exec Code 2020-06-03 2020-06-05
6.0
None Remote Medium ??? Partial Partial Partial
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution.
446 CVE-2020-12827 22 Dir. Trav. 2020-06-17 2020-06-23
6.4
None Remote Low Not required Partial None Partial
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.
447 CVE-2020-12803 20 2020-06-08 2020-08-27
4.3
None Remote Medium Not required None Partial None
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
448 CVE-2020-12802 2020-06-08 2021-11-04
4.3
None Remote Medium Not required Partial None None
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where remote graphic links loaded from docx documents were omitted from this protection prior to version 6.4.4. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4.
449 CVE-2020-12800 434 Exec Code 2020-06-08 2020-06-11
7.5
None Remote Low Not required Partial Partial Partial
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
450 CVE-2020-12797 732 2020-06-11 2021-07-21
5.0
None Remote Low Not required None Partial None
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.
Total number of vulnerabilities : 1786   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.