Security Vulnerabilities - CVEs Published In June 2020
The SportsPress plugin before 2.7.2 for WordPress allows XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-09
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.209
Published
2020-06-09
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-09
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to break out of its sandbox.
CVSS Score
8.6
EPSS Score
0.002
Published
2020-06-09
An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5. A person with physical access to an iOS device may be able to view notification contents from the lockscreen.
CVSS Score
2.4
EPSS Score
0.001
Published
2020-06-09
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.843
Published
2020-06-09
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to modify protected parts of the file system.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-09
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges.
CVSS Score
7.8
EPSS Score
0.005
Published
2020-06-09
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Catalina 10.15.5. A local attacker may be able to elevate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-06-09
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.
CVSS Score
5.3
EPSS Score
0.189
Published
2020-06-09