Monthly Archive: June 2020

An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). Date published : 2020-06-04...

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020). Date published : 2020-06-04 https://security.samsungmobile.com/securityUpdate.smsb

An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). Date published : 2020-06-04...

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID...

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The system area allows arbitrary file overwrites via a symlink attack. The Samsung ID is SVE-2020-17183 (June 2020). Date published...

An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119,...

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020). Date published :...

An issue was discovered on Samsung mobile devices with P(9.0) software. One UI HOME logging can leak information. The Samsung ID is SVE-2019-16382 (June 2020). Date published : 2020-06-04 https://security.samsungmobile.com/securityUpdate.smsb

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020). Date published : 2020-06-04...

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php. Date published : 2020-06-04 phpList 3.5.4 released: Security Release https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-004

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading ‘’ bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single...

In Zoho ManageEngine OpManager before 125144, when is used, directory traversal validation can be bypassed. Date published : 2020-06-04 https://www.manageengine.com/network-monitoring/help/read-me-complete.html https://www.zerodayinitiative.com/advisories/ZDI-20-691/

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The...

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. Date published : 2020-06-04 https://www.foxitsoftware.com/support/security-bulletins.php