CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-1805 704 2020-06-03 2020-06-04
6.8
None Remote Medium Not required Partial Partial Partial
Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
2 CVE-2011-2863 200 +Info 2020-06-03 2020-06-04
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0.0 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
3 CVE-2013-7489 502 Exec Code 2020-06-26 2020-07-06
5.2
None Local Network Low ??? Partial Partial Partial
The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.
4 CVE-2014-7173 78 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
5 CVE-2014-7174 22 Dir. Trav. 2020-06-01 2020-06-02
5.0
None Remote Low Not required Partial None None
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
6 CVE-2014-7175 787 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
7 CVE-2014-8937 400 DoS 2020-06-01 2020-06-02
5.0
None Remote Low Not required None None Partial
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
8 CVE-2014-8938 522 +Info 2020-06-01 2020-06-02
2.1
None Local Low Not required Partial None None
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
9 CVE-2014-8939 22 Dir. Trav. +Info 2020-06-01 2020-06-02
4.3
None Remote Medium Not required Partial None None
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
10 CVE-2014-8940 200 +Info 2020-06-01 2020-06-02
5.0
None Remote Low Not required Partial None None
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
11 CVE-2014-8941 89 Sql 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
12 CVE-2014-8942 352 CSRF 2020-06-01 2020-06-02
6.8
None Remote Medium Not required Partial Partial Partial
Lexiglot through 2014-11-20 allows CSRF.
13 CVE-2014-8943 918 2020-06-01 2020-06-02
6.5
None Remote Low ??? Partial Partial Partial
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
14 CVE-2014-8944 79 XSS 2020-06-01 2020-06-02
3.5
None Remote Medium ??? None Partial None
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
15 CVE-2014-8945 78 2020-06-01 2020-06-02
7.5
None Remote Low Not required Partial Partial Partial
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
16 CVE-2014-9702 522 +Info 2020-06-01 2020-06-04
5.0
None Remote Low Not required Partial None None
system/classes/DbPDO.php in Cmfive through 2015-03-15, when database connectivity malfunctions, allows remote attackers to obtain sensitive information (username and password) via any request, such as a password reset request.
17 CVE-2015-9548 400 DoS 2020-06-19 2020-06-25
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.
18 CVE-2016-11062 732 Bypass 2020-06-19 2020-06-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.
19 CVE-2016-11063 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.
20 CVE-2016-11064 94 Exec Code 2020-06-19 2020-06-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.
21 CVE-2016-11065 732 2020-06-19 2020-06-26
4.0
None Remote Low ??? None Partial None
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.
22 CVE-2016-11066 200 +Info 2020-06-19 2020-06-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.
23 CVE-2016-11067 20 2020-06-19 2020-06-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.
24 CVE-2016-11068 74 2020-06-19 2020-06-24
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.
25 CVE-2016-11069 521 2020-06-19 2020-06-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.
26 CVE-2016-11070 79 XSS 2020-06-19 2020-06-25
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.
27 CVE-2016-11071 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.
28 CVE-2016-11072 287 2020-06-19 2020-06-26
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.
29 CVE-2016-11073 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.
30 CVE-2016-11074 287 2020-06-19 2020-06-26
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.
31 CVE-2016-11075 200 +Info 2020-06-19 2020-06-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.
32 CVE-2016-11076 295 2020-06-19 2020-06-23
5.0
None Remote Low Not required Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.
33 CVE-2016-11077 732 2020-06-19 2020-06-25
4.0
None Remote Low ??? None Partial None
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.
34 CVE-2016-11078 200 +Info 2020-06-19 2020-06-25
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.
35 CVE-2016-11079 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.
36 CVE-2016-11080 732 2020-06-19 2020-06-25
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.
37 CVE-2016-11081 200 +Info 2020-06-19 2020-06-25
4.0
None Remote Low ??? Partial None None
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
38 CVE-2016-11082 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
39 CVE-2016-11083 79 XSS 2020-06-19 2020-06-25
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
40 CVE-2016-11084 352 XSS CSRF 2020-06-19 2020-06-23
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
41 CVE-2017-9103 119 Overflow 2020-06-18 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.
42 CVE-2017-9104 400 2020-06-18 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.
43 CVE-2017-9105 476 Exec Code 2020-06-18 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.
44 CVE-2017-9106 119 Overflow 2020-06-18 2020-07-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.
45 CVE-2017-9107 119 DoS Overflow 2020-06-18 2020-07-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.
46 CVE-2017-9108 119 Overflow 2020-06-18 2020-07-02
5.0
None Remote Low Not required None None Partial
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.
47 CVE-2017-9109 119 Overflow 2020-06-18 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.
48 CVE-2017-18869 367 2020-06-15 2020-06-17
1.9
None Local Medium Not required None Partial None
A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.
49 CVE-2017-18870 732 2020-06-19 2020-06-29
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.
50 CVE-2017-18871 DoS 2020-06-19 2020-06-26
5.0
None Remote Low Not required None None Partial
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.
Total number of vulnerabilities : 1786   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.