CVE-2020-13247
BooleBox Secure File Sharing Utility (potentially all versions) allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area.
Source: CVE-2020-13247
CVE-2020-13248
BooleBox Secure File Sharing Utility (potentially all versions) allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx.
Source: CVE-2020-13248
CVE-2020-15025
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
Source: CVE-2020-15025
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
Source: CVE-2020-15026
CVE-2020-3962
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
Source: CVE-2020-3962
CVE-2020-14473
Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1.
Source: CVE-2020-14473
CVE-2020-11961
Xiaomi router R3600 ROM before 1.0.50 is affected by sensitive information leakage caused by an insecure interface, get_config_result, that does not require authentication.
Source: CVE-2020-11961
CVE-2020-14472
DrayTek Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1 are affected by a remote code injection/execution vulnerability.
Source: CVE-2020-14472
CVE-2020-11960
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability in the backup file check of the c_upload interface that lets an attacker extract a malicious file to any location under /tmp, leading to possible RCE and DoS.
Source: CVE-2020-11960
CVE-2020-10561
An issue was discovered on the Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Parameters can be injected into ippserver through the web management backend, resulting in command execution.
Source: CVE-2020-10561