CVE List - 2020 / June
Showing 1001 - 1100 of 1807 CVEs for June 2020 (Page 11 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-11906 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. |
| CVE-2020-11907 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP. |
| CVE-2020-11908 | 2020-06-17 | The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP. |
| CVE-2020-11909 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. |
| CVE-2020-11910 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read. |
| CVE-2020-11911 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control. |
| CVE-2020-11912 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. |
| CVE-2020-11913 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. |
| CVE-2020-11914 | 2020-06-17 | The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. |
| CVE-2020-13224 | 2020-06-17 | TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build... |
| CVE-2020-12827 | 2020-06-17 | MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. |
| CVE-2020-14295 | 2020-06-17 | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts... |
| CVE-2018-21247 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. |
| CVE-2019-20840 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode. |
| CVE-2019-20839 | 2020-06-17 | libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename. |
| CVE-2020-14405 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. |
| CVE-2020-14404 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
| CVE-2020-14403 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
| CVE-2020-14402 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
| CVE-2020-14401 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. |
| CVE-2020-14400 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there... |
| CVE-2020-14399 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. |
| CVE-2020-14398 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c. |
| CVE-2020-14397 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
| CVE-2020-14396 | 2020-06-17 | An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference. |
| CVE-2020-7664 | 2020-06-17 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2020-7668 | 2020-06-17 | Arbitrary File Write via Archive Extraction (Zip Slip) |
| CVE-2019-9944 | 2020-06-17 | In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image... |
| CVE-2019-9943 | 2020-06-17 | In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are... |
| CVE-2020-7932 | 2020-06-17 | OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link... |
| CVE-2019-16245 | 2020-06-17 | OMERO before 5.6.1 makes the details of each user available to all users. |
| CVE-2020-6752 | 2020-06-17 | In OMERO before 5.6.1, group owners can access members' data in other groups. |
| CVE-2020-13637 | 2020-06-17 | An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for... |
| CVE-2020-9332 | 2020-06-17 | ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device. |
| CVE-2020-6869 | 2020-06-17 | All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie... |
| CVE-2020-4532 | 2020-06-17 | IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a... |
| CVE-2020-14408 | 2020-06-17 | An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content,... |
| CVE-2020-14040 | 2020-06-17 | The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run... |
| CVE-2020-14157 | 2020-06-17 | The wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it... |
| CVE-2020-8618 | 2020-06-17 | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer |
| CVE-2020-8619 | 2020-06-17 | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer |
| CVE-2020-14422 | 2020-06-18 | Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application... |
| CVE-2020-3277 | 2020-06-18 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2020-3278 | 2020-06-18 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2020-3279 | 2020-06-18 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2020-3286 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3287 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3288 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3289 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3290 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3291 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3292 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3293 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3294 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3295 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3296 | 2020-06-18 | Cisco Small Business RV Series Routers Stack Overflow Arbitrary Code Execution Vulnerabilities |
| CVE-2020-3336 | 2020-06-18 | Cisco TelePresence Collaboration Endpoint and RoomOS Software Command Injection Vulnerability |
| CVE-2020-3337 | 2020-06-18 | Cisco Umbrella Open Redirect Vulnerability |
| CVE-2020-3342 | 2020-06-18 | Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability |
| CVE-2020-3347 | 2020-06-18 | Cisco Webex Meetings Desktop App for Windows Shared Memory Information Disclosure Vulnerability |
| CVE-2020-3350 | 2020-06-18 | Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability |
| CVE-2020-3354 | 2020-06-18 | Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3355 | 2020-06-18 | Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3356 | 2020-06-18 | Cisco Data Center Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2020-3360 | 2020-06-18 | Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability |
| CVE-2020-3361 | 2020-06-18 | Cisco Webex Meetings and Cisco Webex Meetings Server Token Handling Unauthorized Access Vulnerability |
| CVE-2020-3362 | 2020-06-18 | Cisco Network Services Orchestrator Information Disclosure Vulnerability |
| CVE-2020-3364 | 2020-06-18 | Cisco IOS XR Software Standby Route Processor Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability |
| CVE-2020-3368 | 2020-06-18 | Cisco Email Security Appliance URL Filtering Bypass Vulnerability |
| CVE-2020-3236 | 2020-06-18 | Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability |
| CVE-2020-3241 | 2020-06-18 | Cisco UCS Director Path Traversal Vulnerability |
| CVE-2020-3242 | 2020-06-18 | Cisco UCS Director Information Disclosure Vulnerability |
| CVE-2020-3244 | 2020-06-18 | Cisco ASR 5000 Series Aggregation Services Routers Enhanced Charging Service Rule Bypass Vulnerability |
| CVE-2020-3245 | 2020-06-18 | Cisco Smart Software Manager On-Prem Improper Access Control Vulnerability |
| CVE-2020-3263 | 2020-06-18 | Cisco Webex Meetings Desktop App URL Filtering Arbitrary Program Execution Vulnerability |
| CVE-2020-3268 | 2020-06-18 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities |
| CVE-2020-3269 | 2020-06-18 | Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Management Interface Vulnerabilities |
| CVE-2020-3274 | 2020-06-18 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2020-3275 | 2020-06-18 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2020-3276 | 2020-06-18 | Cisco Small Business RV Series Routers Command Injection Vulnerabilities |
| CVE-2020-14416 | 2020-06-18 | In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and... |
| CVE-2020-10782 | 2020-06-18 | An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information, such tokens and other secrets could be readable and exposed from the rsyslog configuration file, which... |
| CVE-2020-14421 | 2020-06-18 | aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. |
| CVE-2017-9109 | 2020-06-18 | An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second... |
| CVE-2017-9108 | 2020-06-18 | An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since... |
| CVE-2017-9107 | 2020-06-18 | An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified,... |
| CVE-2017-9106 | 2020-06-18 | An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if... |
| CVE-2017-9105 | 2020-06-18 | An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be... |
| CVE-2020-14423 | 2020-06-18 | Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations. |
| CVE-2020-1835 | 2020-06-18 | HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an... |
| CVE-2020-9225 | 2020-06-18 | FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow... |
| CVE-2020-1834 | 2020-06-18 | HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's... |
| CVE-2020-13640 | 2020-06-18 | A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request.... |
| CVE-2017-9104 | 2020-06-18 | An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. |
| CVE-2017-9103 | 2020-06-18 | An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length.... |
| CVE-2020-11503 | 2020-06-18 | A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely. |
| CVE-2020-14426 | 2020-06-18 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11,... |
| CVE-2020-14427 | 2020-06-18 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25,... |
| CVE-2020-14428 | 2020-06-18 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25,... |
| CVE-2020-14429 | 2020-06-18 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25,... |