LiveActive security incident?Get immediate response
CVE archive

June 2020

Browse CVE records published in June 2020, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1976 matching CVEs · Page 2 of 40.

Medium · CVSS 5.9

CVE-2020-14145: The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in...

The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.

Published Jun 29, 2020 · Updated Dec 18, 2025

Unknown · CVSS Not scored

CVE-2020-27339: In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and Co...

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).

Published Jun 16, 2021 · Updated Nov 4, 2025

High · CVSS 7.5 · CISA KEV

CVE-2020-5410: Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

Published Jun 2, 2020 · Updated Oct 21, 2025

High · CVSS 7.8 · CISA KEV

CVE-2020-9859: A memory consumption issue was addressed with improved memory handling.

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.

Published Jun 5, 2020 · Updated Oct 21, 2025

High · CVSS 7.8 · CISA KEV

CVE-2020-0986: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in...

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1237, CVE-2020-1246, CVE-2020-1262, CVE-2020-1264, CVE-2020-1266, CVE-2020-1269, CVE-2020-1273, CVE-2020-1274, CVE-2020-1275, CVE-2020-1276, CVE-2020-1307, CVE-2020-1316.

Published Jun 9, 2020 · Updated Oct 21, 2025

Critical · CVSS 10 · CISA KEV

CVE-2020-2021: PAN-OS: Authentication Bypass in SAML Authentication

When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.

Published Jun 29, 2020 · Updated Oct 21, 2025

High · CVSS 7.8 · CISA KEV

CVE-2020-11261: Memory corruption due to improper check to return error when user application requests memory allocation of...

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published Jun 9, 2021 · Updated Oct 21, 2025

High · CVSS 8.1

CVE-2020-14061: FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and...

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).

Published Jun 14, 2020 · Updated Aug 27, 2025

Low · CVSS 3.7

CVE-2020-11080: Denial of service in nghttp2

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Published Jun 3, 2020 · Updated Jun 9, 2025

Low · CVSS 2

CVE-2020-12023: Philips IntelliBridge Enterprise IBE Insertion of Sensitive Information into Log File

Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.

Published Jun 11, 2020 · Updated Jun 4, 2025

Low · CVSS 3.6

CVE-2020-14477: Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.

Published Jun 26, 2020 · Updated Jun 4, 2025

High · CVSS 7.4

CVE-2020-13817: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (...

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

Published Jun 4, 2020 · Updated May 5, 2025

High · CVSS 8.8

CVE-2020-9802: A logic issue was addressed with improved restrictions.

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.

Published Jun 9, 2020 · Updated May 5, 2025

Medium · CVSS 5.9

CVE-2020-36547: GE Voluson S8 Service Browser hard-coded credentials

A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings.

Published Jun 17, 2022 · Updated Apr 16, 2025

Medium · CVSS 5.9

CVE-2020-36548: GE Voluson S8 Service Browser users.cgi improper authentication

A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.

Published Jun 17, 2022 · Updated Apr 16, 2025

Low · CVSS 3.5

CVE-2020-36523: PlantUML Database Information Macro cross site scripting

A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 3, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2020-36524: Refined Toolkit UI-Image/UI-Button cross site scripting

A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Published Jun 3, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2020-36525: Linking New Windows Macro cross site scripting

A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Published Jun 3, 2022 · Updated Apr 15, 2025

Low · CVSS 3.5

CVE-2020-36526: Countdown Timer Macro cross site scripting

A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Published Jun 3, 2022 · Updated Apr 15, 2025