Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2020
A privilege escalation vulnerability exists within Global RADAR BSA Radar 1.6.7234.24750 and earlier that allows an authenticated, low-privileged user to escalate their privileges to administrator rights (i.e., the BankAdmin role) via modified SaveUser data.
CVSS Score
8.8
EPSS Score
0.152
Published
2020-06-22
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVSS Score
3.5
EPSS Score
0.002
Published
2020-06-22
IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link.
CVSS Score
7.1
EPSS Score
0.001
Published
2020-06-22
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key.
CVSS Score
9.8
EPSS Score
0.002
Published
2020-06-22
The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
CVSS Score
9.8
EPSS Score
0.007
Published
2020-06-22
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.
CVSS Score
4.7
EPSS Score
0.004
Published
2020-06-22
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
CVSS Score
9.8
EPSS Score
0.76
Published
2020-06-22
A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients.
CVSS Score
6.4
EPSS Score
0.002
Published
2020-06-22
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
CVSS Score
6.6
EPSS Score
0.006
Published
2020-06-22
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution.
CVSS Score
7.8
EPSS Score
0.011
Published
2020-06-22


Contact Us

Shodan ® - All rights reserved