CVE List - 2020 / June
Showing 101 - 200 of 1807 CVEs for June 2020 (Page 2 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-2193 | 2020-06-03 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the parser identifier when rendering charts, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2194 | 2020-06-03 | Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the display name of the builds in the trend chart, resulting in a stored cross-site scripting vulnerability. |
| CVE-2020-2195 | 2020-06-03 | Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocessed job description in tooltips, resulting in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission. |
| CVE-2020-2196 | 2020-06-03 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. |
| CVE-2020-2197 | 2020-06-03 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not require users to have Job/ExtendedRead permission to access Inheritance Project job configurations in XML format. |
| CVE-2020-2198 | 2020-06-03 | Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure. |
| CVE-2020-2199 | 2020-06-03 | Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier does not escape the error message for the repository URL field form validation, resulting in a reflected cross-site scripting vulnerability. |
| CVE-2020-2200 | 2020-06-03 | Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command... |
| CVE-2020-7115 | 2020-06-03 | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authentication bypass. Upon successful bypass an attacker could then execute an exploit that would allow to... |
| CVE-2020-7117 | 2020-06-03 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading... |
| CVE-2020-7116 | 2020-06-03 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading... |
| CVE-2020-1963 | 2020-06-03 | Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. |
| CVE-2020-13254 | 2020-06-03 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result... |
| CVE-2020-13596 | 2020-06-03 | An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility... |
| CVE-2020-10516 | 2020-06-03 | Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member |
| CVE-2020-10749 | 2020-06-03 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this... |
| CVE-2020-13756 | 2020-06-03 | Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker. |
| CVE-2020-4177 | 2020-06-03 | IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of... |
| CVE-2020-4180 | 2020-06-03 | IBM Security Guardium 11.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute... |
| CVE-2020-4182 | 2020-06-03 | IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to... |
| CVE-2020-4187 | 2020-06-03 | IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. |
| CVE-2020-4190 | 2020-06-03 | IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components,... |
| CVE-2020-4307 | 2020-06-03 | IBM Security Guardium 11.1 could allow an attacker on the same network to gain access to the Solr dashboard and cause a denial of service attack. IBM X-Force ID: 176997. |
| CVE-2020-12846 | 2020-06-03 | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem.... |
| CVE-2020-13787 | 2020-06-03 | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. |
| CVE-2020-13786 | 2020-06-03 | D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. |
| CVE-2020-13785 | 2020-06-03 | D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. |
| CVE-2020-13784 | 2020-06-03 | D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. |
| CVE-2020-13783 | 2020-06-03 | D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. |
| CVE-2020-13782 | 2020-06-03 | D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. |
| CVE-2020-13597 | 2020-06-03 | Calico nodes IPv6 traffic redirection from route advertisment |
| CVE-2020-4035 | 2020-06-03 | DoS or local data modification via malicious record IDs in WatermelonDB |
| CVE-2019-20809 | 2020-06-03 | The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently... |
| CVE-2020-3319 | 2020-06-03 | Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability |
| CVE-2020-3321 | 2020-06-03 | Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability |
| CVE-2020-3322 | 2020-06-03 | Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability |
| CVE-2020-3201 | 2020-06-03 | Cisco IOS and IOS XE Software Tcl Denial of Service Vulnerability |
| CVE-2020-3203 | 2020-06-03 | Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability |
| CVE-2020-3204 | 2020-06-03 | Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability |
| CVE-2020-3205 | 2020-06-03 | Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability |
| CVE-2020-3206 | 2020-06-03 | Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability |
| CVE-2020-3207 | 2020-06-03 | Cisco IOS XE Software Command Injection Vulnerability |
| CVE-2020-3208 | 2020-06-03 | Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Image Verification Bypass Vulnerability |
| CVE-2020-3209 | 2020-06-03 | Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability |
| CVE-2020-3210 | 2020-06-03 | Cisco IOS Software for Cisco Industrial Routers Virtual Device Server CLI Command Injection Vulnerability |
| CVE-2020-3211 | 2020-06-03 | Cisco IOS XE Software Web UI Command Injection Vulnerability |
| CVE-2020-3212 | 2020-06-03 | Cisco IOS XE Software Web UI Command Injection Vulnerability |
| CVE-2020-3213 | 2020-06-03 | Cisco IOS XE Software Privilege Escalation Vulnerability |
| CVE-2020-3214 | 2020-06-03 | Cisco IOS XE Software Privilege Escalation Vulnerability |
| CVE-2020-3215 | 2020-06-03 | Cisco IOS XE Software Privilege Escalation Vulnerability |
| CVE-2020-3216 | 2020-06-03 | Cisco IOS XE SD-WAN Software Authentication Bypass Vulnerability |
| CVE-2020-3217 | 2020-06-03 | Cisco IOS, IOS XE, IOS XR, and NX-OS Software One Platform Kit Remote Code Execution Vulnerability |
| CVE-2020-3218 | 2020-06-03 | Cisco IOS XE Software Web UI Remote Code Execution Vulnerability |
| CVE-2020-3219 | 2020-06-03 | Cisco IOS XE Software Web UI Command Injection Vulnerability |
| CVE-2020-3220 | 2020-06-03 | Cisco IOS XE Software IPsec VPN Denial of Service Vulnerability |
| CVE-2020-3221 | 2020-06-03 | Cisco IOS XE Software Flexible NetFlow Version 9 Denial of Service Vulnerability |
| CVE-2020-3222 | 2020-06-03 | Cisco IOS XE Software Web UI Unauthenticated Proxy Service Vulnerability |
| CVE-2020-3223 | 2020-06-03 | Cisco IOS XE Software Web UI Arbitrary File Read Vulnerability |
| CVE-2020-3224 | 2020-06-03 | Cisco IOS XE Software Web UI Command Injection Vulnerability |
| CVE-2020-3225 | 2020-06-03 | Cisco IOS and IOS XE Software Common Industrial Protocol Denial of Service Vulnerabilities |
| CVE-2020-3226 | 2020-06-03 | Cisco IOS and IOS XE Software Session Initiation Protocol Denial of Service Vulnerability |
| CVE-2020-3227 | 2020-06-03 | Cisco IOx for IOS XE Software Privilege Escalation Vulnerability |
| CVE-2020-3229 | 2020-06-03 | Cisco IOS XE Software Web UI Privilege Escalation Vulnerability |
| CVE-2020-3230 | 2020-06-03 | Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerability |
| CVE-2020-3231 | 2020-06-03 | Cisco IOS Software for Catalyst 2960-L Series Switches and Catalyst CDB-8P Switches 802.1X Authentication Bypass Vulnerability |
| CVE-2020-3228 | 2020-06-03 | Cisco IOS, IOS XE, and NX-OS Software Security Group Tag Exchange Protocol Denial of Service Vulnerability |
| CVE-2020-3198 | 2020-06-03 | Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3199 | 2020-06-03 | Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities |
| CVE-2020-3200 | 2020-06-03 | Cisco IOS and IOS XE Software Secure Shell Denial of Service Vulnerability |
| CVE-2020-3232 | 2020-06-03 | Cisco ASR 920 Series Aggregation Services Router Model 12SZ-IM SNMP Denial of Service Vulnerability |
| CVE-2020-3233 | 2020-06-03 | Cisco IOx Application Framework Local Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2020-7010 | 2020-06-03 | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster... |
| CVE-2020-7011 | 2020-06-03 | Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a... |
| CVE-2020-7012 | 2020-06-03 | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could... |
| CVE-2020-7013 | 2020-06-03 | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated attacker with privileges to create TSVB visualizations could insert data that would cause Kibana to... |
| CVE-2020-7014 | 2020-06-03 | The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to... |
| CVE-2020-7015 | 2020-06-03 | Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the... |
| CVE-2020-3234 | 2020-06-03 | Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Static Credentials Vulnerability |
| CVE-2020-3235 | 2020-06-03 | Cisco IOS and IOS XE Software Simple Network Management Protocol Denial of Service Vulnerability |
| CVE-2020-3237 | 2020-06-03 | Cisco IOx Application Framework Arbitrary File Overwrite Vulnerability |
| CVE-2020-3238 | 2020-06-03 | Cisco IOx Application Framework Arbitrary File Creation Vulnerability |
| CVE-2020-3257 | 2020-06-03 | Cisco IOx Application Environment for IOS Software for Cisco Industrial Routers Vulnerabilities |
| CVE-2020-3258 | 2020-06-03 | Cisco IOS Software for Cisco Industrial Routers Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3267 | 2020-06-03 | Cisco Unified Contact Center Express Improper API Authorization Vulnerability |
| CVE-2020-3281 | 2020-06-03 | Cisco Digital Network Architecture Center Information Disclosure Vulnerability |
| CVE-2020-3333 | 2020-06-03 | Cisco Application Services Engine Software Unauthenticated Event Policies Update Vulnerability |
| CVE-2020-3335 | 2020-06-03 | Cisco Application Services Engine Software Authorization Vulnerability |
| CVE-2020-3339 | 2020-06-03 | Cisco Prime Infrastructure SQL Injection Vulnerability |
| CVE-2020-3353 | 2020-06-03 | Cisco Identity Services Engine Denial of Service Vulnerability |
| CVE-2020-13379 | 2020-06-03 | The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL... |
| CVE-2020-13790 | 2020-06-03 | libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. |
| CVE-2020-13792 | 2020-06-03 | PlayTube 1.8 allows disclosure of user details via ajax.php?type=../admin-panel/autoload&page=manage-users directory traversal, aka local file inclusion. |
| CVE-2020-13798 | 2020-06-03 | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/feeds/feed.class.php. |
| CVE-2020-13797 | 2020-06-03 | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/websites/website.class.php. |
| CVE-2020-13796 | 2020-06-03 | An issue was discovered in Navigate CMS through 2.8.7. It allows XSS because of a lack of purify calls in lib/packages/structure/structure.class.php. |
| CVE-2020-13795 | 2020-06-03 | An issue was discovered in Navigate CMS through 2.8.7. It allows Directory Traversal because lib/packages/templates/template.class.php mishandles ../ and ..\ substrings. |
| CVE-2020-5295 | 2020-06-03 | Local File read vulnerability in OctoberCMS |
| CVE-2020-5298 | 2020-06-03 | Reflected XSS when importing CSV in OctoberCMS |
| CVE-2020-5297 | 2020-06-03 | Upload whitelisted files to any directory in OctoberCMS |
| CVE-2020-5296 | 2020-06-03 | Arbitrary File Deletion vulnerability in OctoberCMS |