CVE List - 2020 / June
Showing 1101 - 1200 of 1807 CVEs for June 2020 (Page 12 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-14430 | 2020-06-18 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25,... |
| CVE-2020-14431 | 2020-06-18 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25,... |
| CVE-2020-14432 | 2020-06-18 | Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25,... |
| CVE-2020-14433 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840... |
| CVE-2020-14434 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852... |
| CVE-2020-14435 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05... |
| CVE-2020-14436 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852... |
| CVE-2020-14437 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842... |
| CVE-2020-14438 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842... |
| CVE-2020-14439 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842... |
| CVE-2020-14440 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842... |
| CVE-2020-14441 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842... |
| CVE-2020-14442 | 2020-06-18 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842... |
| CVE-2020-14443 | 2020-06-18 | A SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| CVE-2019-13033 | 2020-06-18 | In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used... |
| CVE-2020-13882 | 2020-06-18 | CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and... |
| CVE-2020-14446 | 2020-06-18 | An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. |
| CVE-2020-14445 | 2020-06-18 | An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the... |
| CVE-2020-14444 | 2020-06-18 | An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the... |
| CVE-2020-12887 | 2020-06-18 | Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets.... |
| CVE-2020-12886 | 2020-06-18 | A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP... |
| CVE-2020-12885 | 2020-06-18 | An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options... |
| CVE-2020-12884 | 2020-06-18 | A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options... |
| CVE-2020-12883 | 2020-06-18 | Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly... |
| CVE-2020-4059 | 2020-06-18 | Command Injection in mversion |
| CVE-2020-8184 | 2020-06-19 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or... |
| CVE-2020-5590 | 2020-06-19 | Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors. |
| CVE-2020-7679 | 2020-06-19 | Prototype Pollution |
| CVE-2020-14019 | 2020-06-19 | Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. |
| CVE-2020-14462 | 2020-06-19 | CALDERA 2.7.0 allows XSS via the Operation Name box. |
| CVE-2020-14447 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021. |
| CVE-2020-14448 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020. |
| CVE-2020-14449 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018. |
| CVE-2020-14450 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017. |
| CVE-2020-14451 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013. |
| CVE-2020-14452 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. |
| CVE-2020-14453 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. |
| CVE-2020-14454 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. |
| CVE-2020-14455 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007. |
| CVE-2020-14456 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006. |
| CVE-2020-14457 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012. |
| CVE-2020-14458 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004. |
| CVE-2020-14459 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. |
| CVE-2020-14460 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001. |
| CVE-2019-20841 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks. |
| CVE-2019-20842 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels. |
| CVE-2019-20843 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files. |
| CVE-2019-20844 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. |
| CVE-2019-20845 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import. |
| CVE-2019-20846 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage. |
| CVE-2019-20847 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel. |
| CVE-2019-20848 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. |
| CVE-2019-20849 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout. |
| CVE-2019-20850 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout. |
| CVE-2019-20851 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device. |
| CVE-2019-20852 | 2020-06-19 | An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content). |
| CVE-2019-20853 | 2020-06-19 | An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. |
| CVE-2019-20854 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message. |
| CVE-2019-20855 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration. |
| CVE-2019-20856 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection. |
| CVE-2019-20857 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters. |
| CVE-2019-20858 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an... |
| CVE-2019-20859 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input. |
| CVE-2019-20860 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document. |
| CVE-2019-20861 | 2020-06-19 | An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link. |
| CVE-2019-20862 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands. |
| CVE-2019-20863 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted. |
| CVE-2019-20864 | 2020-06-19 | An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account. |
| CVE-2020-14470 | 2020-06-19 | In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. |
| CVE-2019-20865 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF. |
| CVE-2019-20866 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information... |
| CVE-2019-20867 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post. |
| CVE-2019-20868 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated. |
| CVE-2019-20869 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel. |
| CVE-2019-20870 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID. |
| CVE-2019-20871 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking. |
| CVE-2019-20872 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. |
| CVE-2019-20873 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation. |
| CVE-2019-20874 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change. |
| CVE-2020-4281 | 2020-06-19 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2020-4295 | 2020-06-19 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2020-4297 | 2020-06-19 | IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2020-14475 | 2020-06-19 | A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey). |
| CVE-2019-20875 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed. |
| CVE-2019-20876 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy. |
| CVE-2019-20877 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled. |
| CVE-2019-20878 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled. |
| CVE-2019-20879 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry. |
| CVE-2019-20880 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph. |
| CVE-2019-20881 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA. |
| CVE-2020-13961 | 2020-06-19 | Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitization. By sending a specially crafted request,... |
| CVE-2019-20882 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team. |
| CVE-2019-20883 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post. |
| CVE-2019-20885 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file. |
| CVE-2019-20887 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts. |
| CVE-2019-20884 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post. |
| CVE-2019-20890 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions. |
| CVE-2018-21253 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user. |
| CVE-2018-21258 | 2020-06-19 | An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. |
| CVE-2018-21263 | 2020-06-19 | An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. |