Weekly Vulnerabilities Reports > April 6 to 12, 2020
Overview
372 new vulnerabilities were reported during this period, including 29 critical vulnerabilities and 85 high severity vulnerabilities. This weekly summary reports vulnerabilities in 308 products from 107 vendors including Google, Juniper, Samsung, IBM, and Cipplanner. Vulnerabilities are notably categorized as "Information Exposure", "Improper Input Validation", "Cross-site Scripting", "Out-of-bounds Write", and "Classic Buffer Overflow".
- 295 reported vulnerabilities are remotely exploitable.
- 79 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 310 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 146 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 14 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
29 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-10 | CVE-2015-8546 | Google Samsung | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. | 10.0 |
2020-04-09 | CVE-2020-10621 | Advantech | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess/Nms Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | 10.0 |
2020-04-08 | CVE-2020-1615 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Junos The factory configuration for vMX installations, as shipped, includes default credentials for the root account. | 10.0 |
2020-04-08 | CVE-2018-21072 | | Out-of-bounds Read vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21066 | | Classic Buffer Overflow vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21063 | | Unspecified vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21057 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21055 | Google Qualcomm | Improper Input Validation vulnerability in Google Android 7.0 An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21052 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21051 | | Injection vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21050 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2018-21049 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. | 10.0 |
2020-04-08 | CVE-2020-11600 | | Out-of-bounds Write vulnerability in Google Android 10.0 An issue was discovered on Samsung mobile devices with Q(10.0) software. | 10.0 |
2020-04-08 | CVE-2018-21090 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). | 10.0 |
2020-04-08 | CVE-2018-21089 | Google Mediatek | Integer Overflow or Wraparound vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. | 10.0 |
2020-04-08 | CVE-2020-11543 | Opsramp | Use of Hard-coded Credentials vulnerability in Opsramp Gateway 3.0.0 OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. | 10.0 |
2020-04-07 | CVE-2017-18681 | Samsung | Classic Buffer Overflow vulnerability in Samsung Galaxy S5 Firmware 20161220 An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). | 10.0 |
2020-04-12 | CVE-2020-11722 | Dungeon Crawl Stone Soup Project | Unrestricted Upload of File with Dangerous Type vulnerability in Dungeon Crawl Stone Soup Project Dungeon Crawl Stone Soup Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file. | 9.8 |
2020-04-12 | CVE-2020-11710 | Konghq | Unspecified vulnerability in Konghq Docker-Kong An issue was discovered in docker-kong (for Kong) through 2.0.3. | 9.8 |
2020-04-12 | CVE-2020-11708 | Provideserver | Improper Privilege Management vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 9.8 |
2020-04-08 | CVE-2018-21054 | | Integer Overflow or Wraparound vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. | 9.8 |
2020-04-07 | CVE-2020-11514 | Rankmath | Missing Authorization vulnerability in Rankmath SEO The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. | 9.8 |
2020-04-08 | CVE-2020-1614 | Juniper | Use of Hard-coded Credentials vulnerability in Juniper Junos A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, which allows an attacker to take control of the vSRX VNF instance if they have the ability to access an administrative service (e.g. | 9.3 |
2020-04-08 | CVE-2020-1992 | Paloaltonetworks | Use of Externally-Controlled Format String vulnerability in Paloaltonetworks Pan-Os A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root privileges. | 9.3 |
2020-04-06 | CVE-2020-11581 | Pulsesecure | OS Command Injection vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 9.3 |
2020-04-10 | CVE-2020-11002 | Dropwizard | Injection vulnerability in Dropwizard Validation dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote code execution vulnerability. | 9.0 |
2020-04-08 | CVE-2020-1990 | Paloaltonetworks | Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. | 9.0 |
2020-04-06 | CVE-2019-19699 | Centreon | Improper Privilege Management vulnerability in Centreon There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at 22:30 every day. | 9.0 |
2020-04-06 | CVE-2020-10265 | Universal Robots | Missing Authentication for Critical Function vulnerability in Universal-Robots UR Software Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, CB3 SW Version 3.0 and upwards, e-series SW Version 5.0 and upwards expose a service called DashBoard server at port 29999 that allows for control over core robot functions like starting/stopping programs, shutdown, reset safety and more. | 9.0 |
85 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-08 | CVE-2020-8828 | Argoproj | Insecure Default Initialization of Resource vulnerability in Argoproj Argo CD As of v1.5.0, the default admin password is set to the argocd-server pod name. | 8.8 |
2020-04-06 | CVE-2020-9473 | Siedle | Missing Authentication for Critical Function vulnerability in Siedle SG 150-0 Firmware 1.1.0 The S. | 8.5 |
2020-04-07 | CVE-2020-11620 | Fasterxml Debian Netapp Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | 8.1 |
2020-04-07 | CVE-2020-11619 | Fasterxml Debian Netapp Oracle | Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | 8.1 |
2020-04-08 | CVE-2020-5735 | Amcrest | Out-of-bounds Write vulnerability in Amcrest products Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. | 8.0 |
2020-04-12 | CVE-2020-11725 | Linux | Unspecified vulnerability in Linux Kernel snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. | 7.8 |
2020-04-10 | CVE-2015-9547 | | Information Exposure vulnerability in Google Android 4.3/4.4.2 An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. | 7.8 |
2020-04-08 | CVE-2020-1617 | Juniper | Improper Initialization vulnerability in Juniper Junos This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT). | 7.8 |
2020-04-08 | CVE-2018-21088 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 7.8 |
2020-04-08 | CVE-2018-21091 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. | 7.8 |
2020-04-07 | CVE-2020-11560 | Nchsoftware | Insufficiently Protected Credentials vulnerability in Nchsoftware Express Invoice 7.25 NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | 7.8 |
2020-04-07 | CVE-2017-18685 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. | 7.8 |
2020-04-07 | CVE-2017-18682 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. | 7.8 |
2020-04-07 | CVE-2017-18679 | | Improper Input Validation vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 7.8 |
2020-04-07 | CVE-2017-18674 | | Improper Input Validation vulnerability in Google Android 7.0 An issue was discovered on Samsung mobile devices with N(7.0) software. | 7.8 |
2020-04-07 | CVE-2016-11039 | | NULL Pointer Dereference vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. | 7.8 |
2020-04-07 | CVE-2016-11031 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. | 7.8 |
2020-04-07 | CVE-2016-11026 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. | 7.8 |
2020-04-12 | CVE-2020-11705 | Provideserver | Path Traversal vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 7.5 |
2020-04-10 | CVE-2020-11647 | Wireshark Debian Opensuse | Uncontrolled Recursion vulnerability in multiple products In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. | 7.5 |
2020-04-10 | CVE-2020-5330 | Dell | Information Exposure vulnerability in Dell products Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. | 7.5 |
2020-04-10 | CVE-2015-5524 | | Classic Buffer Overflow vulnerability in Google Android 4.4 An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13. | 7.5 |
2020-04-10 | CVE-2019-7305 | Extplorer | Files or Directories Accessible to External Parties vulnerability in Extplorer 2.0.0/2.1.0 Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. | 7.5 |
2020-04-09 | CVE-2020-8961 | Avira | Code Injection vulnerability in Avira Free Antivirus An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. | 7.5 |
2020-04-09 | CVE-2020-10631 | Advantech | Path Traversal vulnerability in Advantech Webaccess/Nms An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | 7.5 |
2020-04-09 | CVE-2020-10625 | Advantech | Missing Authentication for Critical Function vulnerability in Advantech Webaccess/Nms WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account. | 7.5 |
2020-04-09 | CVE-2020-11656 | Sqlite Netapp Oracle Siemens Tenable | Use After Free vulnerability in multiple products In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. | 7.5 |
2020-04-08 | CVE-2020-11653 | Varnish Cache Varnish Software Opensuse Debian | Reachable Assertion vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. | 7.5 |
2020-04-08 | CVE-2020-8827 | Argoproj | Improper Restriction of Excessive Authentication Attempts vulnerability in Argoproj Argo CD As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures. | 7.5 |
2020-04-08 | CVE-2020-8826 | Argoproj | Session Fixation vulnerability in Argoproj Argo CD As of v1.5.0, the Argo web interface authentication system issued immutable tokens. | 7.5 |
2020-04-08 | CVE-2020-1639 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition. | 7.5 |
2020-04-08 | CVE-2020-10980 | Gitlab | Server-Side Request Forgery (SSRF) vulnerability in Gitlab GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 7.5 |
2020-04-08 | CVE-2018-21075 | | Unspecified vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 7.5 |
2020-04-08 | CVE-2018-21071 | | Information Exposure vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 7.5 |
2020-04-08 | CVE-2018-21065 | | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. | 7.5 |
2020-04-08 | CVE-2018-21064 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 7.5 |
2020-04-08 | CVE-2018-21058 | Google Samsung | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 7.0/8.0 An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. | 7.5 |
2020-04-08 | CVE-2018-21044 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. | 7.5 |
2020-04-08 | CVE-2018-21042 | | Missing Authorization vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. | 7.5 |
2020-04-08 | CVE-2018-21038 | | Improper Authentication vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 7.5 |
2020-04-08 | CVE-2020-11603 | | Type Confusion vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. | 7.5 |
2020-04-08 | CVE-2018-21087 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. | 7.5 |
2020-04-08 | CVE-2017-18645 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. | 7.5 |
2020-04-08 | CVE-2017-18644 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. | 7.5 |
2020-04-08 | CVE-2020-11630 | Primekey | Deserialization of Untrusted Data vulnerability in Primekey Ejbca 7.0.0 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 7.5 |
2020-04-07 | CVE-2020-6974 | Honeywell | Path Traversal vulnerability in Honeywell Notifier Webserver 3.50 Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories. | 7.5 |
2020-04-07 | CVE-2020-11612 | Netty Debian Fedoraproject Netapp Oracle | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. | 7.5 |
2020-04-07 | CVE-2013-7488 | Convert Fedoraproject | Infinite Loop vulnerability in multiple products perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input. | 7.5 |
2020-04-07 | CVE-2017-18691 | Google Samsung | Classic Buffer Overflow vulnerability in Google Android 6.0/7.0 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software. | 7.5 |
2020-04-07 | CVE-2017-18690 | Google Samsung | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. | 7.5 |
2020-04-07 | CVE-2017-18684 | | Improper Input Validation vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. | 7.5 |
2020-04-07 | CVE-2017-18683 | | Improper Input Validation vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. | 7.5 |
2020-04-07 | CVE-2017-18661 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 7.5 |
2020-04-07 | CVE-2017-18660 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 7.5 |
2020-04-07 | CVE-2017-18655 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 7.5 |
2020-04-07 | CVE-2017-18652 | | Injection vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 7.5 |
2020-04-07 | CVE-2020-7614 | NPM Programmatic Project | OS Command Injection vulnerability in Npm-Programmatic Project Npm-Programmatic 0.0.12 npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | 7.5 |
2020-04-07 | CVE-2017-18696 | Google Qualcomm Samsung | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 6.0/7.0 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. | 7.5 |
2020-04-07 | CVE-2017-18693 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. | 7.5 |
2020-04-07 | CVE-2016-11038 | Google Samsung | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). | 7.5 |
2020-04-07 | CVE-2016-11036 | | Missing Authorization vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 7.5 |
2020-04-07 | CVE-2016-11033 | | Out-of-bounds Write vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 7.5 |
2020-04-07 | CVE-2016-11028 | Google Samsung | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). | 7.5 |
2020-04-07 | CVE-2016-11025 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). | 7.5 |
2020-04-06 | CVE-2020-11586 | Cipplanner | XXE vulnerability in Cipplanner Cipace 6.80 An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |
2020-04-06 | CVE-2020-11598 | Cipplanner | Improper Authentication vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |
2020-04-06 | CVE-2020-11597 | Cipplanner | SQL Injection vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 7.5 |
2020-04-06 | CVE-2020-11545 | Projectworlds | SQL Injection vulnerability in Projectworlds Official CAR Rental System 1.0 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php). This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | 7.5 |
2020-04-06 | CVE-2020-7622 | Jooby | Unspecified vulnerability in Jooby This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. | 7.5 |
2020-04-06 | CVE-2020-7636 | ADB Driver Project | Injection vulnerability in Adb-Driver Project Adb-Driver adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function. | 7.5 |
2020-04-06 | CVE-2020-7635 | Compass Compile Project | Injection vulnerability in Compass-Compile Project Compass-Compile 0.0.1 compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 7.5 |
2020-04-06 | CVE-2020-7634 | Heroku Addonpool Project | Injection vulnerability in Heroku-Addonpool Project Heroku-Addonpool heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | 7.5 |
2020-04-06 | CVE-2020-7633 | Apiconnect CLI Plugins Project | Injection vulnerability in Apiconnect-Cli-Plugins Project Apiconnect-Cli-Plugins apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. | 7.5 |
2020-04-06 | CVE-2020-7632 | Node MPV Project | Injection vulnerability in Node-Mpv Project Node-Mpv node-mpv through 1.4.3 is vulnerable to Command Injection. | 7.5 |
2020-04-06 | CVE-2020-7631 | Diskusage NG Project | Injection vulnerability in Diskusage-Ng Project Diskusage-Ng 0.2.2/0.2.3/0.2.4 diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the path argument. | 7.5 |
2020-04-09 | CVE-2020-10551 | Tencent | Improper Privilege Management vulnerability in Tencent Qqbrowser QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. | 7.2 |
2020-04-08 | CVE-2020-1989 | Paloaltonetworks | Improper Privilege Management vulnerability in Paloaltonetworks Globalprotect 5.0/5.0.4/5.1 An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system. | 7.2 |
2020-04-08 | CVE-2020-1988 | Paloaltonetworks | Unquoted Search Path or Element vulnerability in Paloaltonetworks Globalprotect An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges. | 7.2 |
2020-04-08 | CVE-2020-1984 | Paloaltonetworks | Improper Input Validation vulnerability in Paloaltonetworks Secdo Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. | 7.2 |
2020-04-08 | CVE-2020-10263 | MI | Improper Input Validation vulnerability in MI Xiaomi Xiaoai Speaker PRO Lx06 Firmware 1.52.4 An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. | 7.2 |
2020-04-08 | CVE-2020-10262 | MI | Improper Input Validation vulnerability in MI Xiaomi Xiaoai Speaker PRO Lx06 Firmware 1.58.10 An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. | 7.2 |
2020-04-08 | CVE-2018-21070 | Google Qualcomm | Improper Validation of Integrity Check Value vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. | 7.2 |
2020-04-08 | CVE-2019-15789 | Canonical | Unspecified vulnerability in Canonical Microk8S Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. | 7.2 |
2020-04-07 | CVE-2019-13559 | GE | Use of Hard-coded Credentials vulnerability in GE Mark VIE Controll System GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. | 7.2 |
2020-04-07 | CVE-2016-11034 | | Improper Handling of Exceptional Conditions vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. | 7.1 |
203 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-08 | CVE-2020-1618 | Juniper | Improper Authentication vulnerability in Juniper Junos On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. | 6.9 |
2020-04-06 | CVE-2020-11507 | Malwarebytes | Untrusted Search Path vulnerability in Malwarebytes Adwcleaner 8.0.3 An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded. | 6.9 |
2020-04-12 | CVE-2020-11706 | Provideserver | Cross-Site Request Forgery (CSRF) vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 6.8 |
2020-04-12 | CVE-2020-11701 | Provideserver | Cross-Site Request Forgery (CSRF) vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 6.8 |
2020-04-10 | CVE-2020-3952 | Vmware | Missing Authentication for Critical Function vulnerability in VMWare Vcenter Server 6.7 Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. | 6.8 |
2020-04-09 | CVE-2020-1895 | | Integer Overflow or Wraparound vulnerability in Facebook Instagram A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. | 6.8 |
2020-04-09 | CVE-2020-11553 | Castlerock | Cross-Site Request Forgery (CSRF) vulnerability in Castlerock Snmpc Online 12.10.10 An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. | 6.8 |
2020-04-08 | CVE-2018-21040 | Google Samsung | Use After Free vulnerability in Google Android 8.0/8.1/9.0 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. | 6.8 |
2020-04-08 | CVE-2018-21086 | | Race Condition vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. | 6.8 |
2020-04-08 | CVE-2018-21085 | | Use After Free vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. | 6.8 |
2020-04-08 | CVE-2018-21084 | | Use After Free vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. | 6.8 |
2020-04-08 | CVE-2020-5736 | Amcrest | NULL Pointer Dereference vulnerability in Amcrest products Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777. | 6.8 |
2020-04-08 | CVE-2020-5549 | Plathome | Cross-Site Request Forgery (CSRF) vulnerability in Plathome products Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. | 6.8 |
2020-04-08 | CVE-2020-11627 | Primekey | Cross-Site Request Forgery (CSRF) vulnerability in Primekey Ejbca 7.0.0 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 6.8 |
2020-04-07 | CVE-2020-9286 | Fortinet | Incorrect Authorization vulnerability in Fortinet Fortiadc Firmware An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system. | 6.8 |
2020-04-07 | CVE-2020-11610 | Cross Domain Local Storage Project | Improper Input Validation vulnerability in Cross Domain Local Storage Project Cross Domain Local Storage An issue was discovered in xdLocalStorage through 2.0.5. | 6.8 |
2020-04-07 | CVE-2017-18647 | | Race Condition vulnerability in Google Android 6.0/6.0.1/7.0 An issue was discovered on Samsung mobile devices with M(6.x) and N(7.0) software. | 6.8 |
2020-04-07 | CVE-2020-7613 | Clamscan Project | Injection vulnerability in Clamscan Project Clamscan clamscan through 1.2.0 is vulnerable to Command Injection. | 6.8 |
2020-04-07 | CVE-2017-18692 | Google Qualcomm Samsung | Race Condition vulnerability in Google Android 6.0/7.0 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. | 6.8 |
2020-04-07 | CVE-2016-11030 | | Race Condition vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. | 6.8 |
2020-04-07 | CVE-2016-11052 | | Improper Input Validation vulnerability in Google Android 5.0/5.1 An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. | 6.8 |
2020-04-07 | CVE-2016-11045 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 5.0/5.1 An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. | 6.8 |
2020-04-06 | CVE-2020-11102 | Qemu | Out-of-bounds Write vulnerability in Qemu 4.2.0 hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length. | 6.8 |
2020-04-06 | CVE-2020-10266 | Universal Robots | Insufficient Verification of Data Authenticity vulnerability in Universal-Robots Ur+ UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. | 6.8 |
2020-04-08 | CVE-2019-20636 | Linux Netapp | Out-of-bounds Write vulnerability in multiple products In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7. | 6.7 |
2020-04-12 | CVE-2020-11707 | Provideserver | Improper Input Validation vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 6.5 |
2020-04-10 | CVE-2020-6765 | Dlink | OS Command Injection vulnerability in Dlink Dsl-Gs225 Firmware Au1.0.4 D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. | 6.5 |
2020-04-10 | CVE-2020-4362 | IBM | Improper Privilege Management vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector. | 6.5 |
2020-04-09 | CVE-2020-8834 | Linux Canonical Opensuse | Race Condition vulnerability in multiple products KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. | 6.5 |
2020-04-09 | CVE-2020-7922 | Mongodb | Improper Certificate Validation vulnerability in Mongodb Enterprise Kubernetes Operator X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. | 6.5 |
2020-04-09 | CVE-2018-21034 | Argoproj | Information Exposure vulnerability in Argoproj Argo CD In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git. | 6.5 |
2020-04-09 | CVE-2020-9499 | Dahuasecurity | Classic Buffer Overflow vulnerability in Dahuasecurity products Some Dahua products have buffer overflow vulnerabilities. | 6.5 |
2020-04-09 | CVE-2020-10603 | Advantech | OS Command Injection vulnerability in Advantech Webaccess/Nms WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely. | 6.5 |
2020-04-08 | CVE-2020-11629 | Primekey | Unrestricted Upload of File with Dangerous Type vulnerability in Primekey Ejbca 7.0.0 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 6.5 |
2020-04-07 | CVE-2019-13554 | GE | Incorrect Authorization vulnerability in GE Mark VIE Control System GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. | 6.5 |
2020-04-07 | CVE-2020-11561 | Nchsoftware | Improper Privilege Management vulnerability in Nchsoftware Express Invoice 7.25 In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | 6.5 |
2020-04-07 | CVE-2017-18649 | Google Qualcomm | Improper Validation of Integrity Check Value vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 6.5 |
2020-04-07 | CVE-2020-2172 | Jenkins | XML Entity Expansion vulnerability in Jenkins Code Coverage API Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 6.5 |
2020-04-06 | CVE-2020-11544 | Projectworlds | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Official CAR Rental System 1.0 An issue was discovered in Project Worlds Official Car Rental System 1. | 6.5 |
2020-04-10 | CVE-2019-18375 | Broadcom | Unspecified vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. | 6.4 |
2020-04-09 | CVE-2020-10619 | Advantech | Path Traversal vulnerability in Advantech Webaccess/Nms An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control. | 6.4 |
2020-04-08 | CVE-2020-11604 | | Out-of-bounds Read vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. | 6.4 |
2020-04-08 | CVE-2018-21081 | | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 6.4 |
2020-04-07 | CVE-2020-5302 | MH Wikibot Project | Improper Privilege Management vulnerability in Mh-Wikibot Project Mh-Wikibot MH-WikiBot (an IRC Bot for interacting with the Miraheze API) had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the nickname used by a privileged user, as no check was made to see if they were logged in. | 6.4 |
2020-04-07 | CVE-2019-4391 | Hcltech | XXE vulnerability in Hcltech Appscan 9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2020-04-07 | CVE-2017-18648 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. | 6.4 |
2020-04-07 | CVE-2016-11049 | | Unspecified vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). | 6.4 |
2020-04-06 | CVE-2020-11580 | Pulsesecure | Improper Certificate Validation vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 6.4 |
2020-04-07 | CVE-2020-11515 | Rankmath | Open Redirect vulnerability in Rankmath SEO The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. | 6.1 |
2020-04-07 | CVE-2020-2174 | Jenkins | Cross-site Scripting vulnerability in Jenkins Awseb Deployment Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability. | 6.1 |
2020-04-06 | CVE-2020-11565 | Linux Canonical | Out-of-bounds Write vulnerability in multiple products An issue was discovered in the Linux kernel through 5.6.2. | 6.0 |
2020-04-10 | CVE-2015-9546 | | Path Traversal vulnerability in Google Android 4.4 An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. | 5.8 |
2020-04-08 | CVE-2020-1637 | Juniper | Improper Authentication vulnerability in Juniper Junos A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. | 5.8 |
2020-04-08 | CVE-2020-5550 | Plathome | Session Fixation vulnerability in Plathome products Session fixation vulnerability in EasyBlocks IPv6 Ver. | 5.8 |
2020-04-07 | CVE-2020-11611 | Cross Domain Local Storage Project | Open Redirect vulnerability in Cross Domain Local Storage Project Cross Domain Local Storage An issue was discovered in xdLocalStorage through 2.0.5. | 5.8 |
2020-04-07 | CVE-2015-9545 | Cross Domain Local Storage Project | Improper Input Validation vulnerability in Cross Domain Local Storage Project Cross Domain Local Storage An issue was discovered in xdLocalStorage through 2.0.5. | 5.8 |
2020-04-07 | CVE-2015-9544 | Cross Domain Local Storage Project | Improper Input Validation vulnerability in Cross Domain Local Storage Project Cross Domain Local Storage An issue was discovered in xdLocalStorage through 2.0.5. | 5.8 |
2020-04-07 | CVE-2017-18665 | | NULL Pointer Dereference vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 5.8 |
2020-04-06 | CVE-2020-10264 | Universal Robots | Missing Authentication for Critical Function vulnerability in Universal-Robots UR Software CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs. | 5.8 |
2020-04-09 | CVE-2020-11668 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | 5.6 |
2020-04-10 | CVE-2020-8832 | Canonical Netapp | Information Exposure vulnerability in multiple products The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | 5.5 |
2020-04-08 | CVE-2020-10977 | Gitlab | Path Traversal vulnerability in Gitlab GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects. | 5.5 |
2020-04-08 | CVE-2020-4290 | IBM | Authentication Bypass by Spoofing vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user, which could disclose sensitive information or allow for unauthorized access. | 5.5 |
2020-04-07 | CVE-2020-2176 | Jenkins | Cross-site Scripting vulnerability in Jenkins Usemango Runner Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service. | 5.4 |
2020-04-07 | CVE-2020-2175 | Jenkins | Cross-site Scripting vulnerability in Jenkins Fitnesse Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin. | 5.4 |
2020-04-07 | CVE-2020-2173 | Jenkins | Cross-site Scripting vulnerability in Jenkins Gatling Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content. | 5.4 |
2020-04-06 | CVE-2020-1728 | Redhat Quarkus | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. | 5.4 |
2020-04-08 | CVE-2020-11576 | Argoproj | Information Exposure Through Discrepancy vulnerability in Argoproj Argo CD 1.5.0 Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise. | 5.3 |
2020-04-07 | CVE-2020-7618 | SDS Project | Unspecified vulnerability in SDS Project SDS sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'. | 5.3 |
2020-04-07 | CVE-2020-7616 | Express Mock Middleware Project | Unspecified vulnerability in Express-Mock-Middleware Project Express-Mock-Middleware 0.0.6 express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. | 5.3 |
2020-04-06 | CVE-2020-7639 | DOT Project | Unspecified vulnerability in DOT Project DOT 0.2.0/1.0.1 eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | 5.3 |
2020-04-06 | CVE-2020-7638 | Confinit Project | Unspecified vulnerability in Confinit Project Confinit 0.1.0/0.2.0/0.3.0 confinit through 0.3.0 is vulnerable to Prototype Pollution. The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | 5.3 |
2020-04-06 | CVE-2020-7637 | Class Transformer Project | Unspecified vulnerability in Class-Transformer Project Class-Transformer class-transformer before 0.3.1 allows attackers to perform Prototype Pollution. | 5.3 |
2020-04-12 | CVE-2020-11724 | Openresty Debian | HTTP Request Smuggling vulnerability in multiple products An issue was discovered in OpenResty before 1.15.8.4. | 5.0 |
2020-04-12 | CVE-2020-11713 | Wolfssl | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 5.0 |
2020-04-12 | CVE-2020-11709 | CPP Httplib Project | Injection vulnerability in Cpp-Httplib Project Cpp-Httplib cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts. | 5.0 |
2020-04-12 | CVE-2020-11703 | Provideserver | Injection vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 5.0 |
2020-04-10 | CVE-2020-11694 | Jetbrains | Insufficiently Protected Credentials vulnerability in Jetbrains Pycharm 2019.2.5/2019.3 In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included. | 5.0 |
2020-04-09 | CVE-2020-10629 | Advantech | XXE vulnerability in Advantech Webaccess/Nms WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. | 5.0 |
2020-04-09 | CVE-2020-10617 | Advantech | SQL Injection vulnerability in Advantech Webaccess/Nms There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | 5.0 |
2020-04-09 | CVE-2020-11557 | Castlerock | Insufficiently Protected Credentials vulnerability in Castlerock Snmpc Online 12.10.10 An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. | 5.0 |
2020-04-09 | CVE-2020-11555 | Castlerock | Insufficiently Protected Credentials vulnerability in Castlerock Snmpc Online 12.10.10 An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. | 5.0 |
2020-04-09 | CVE-2020-11554 | Castlerock | Information Exposure vulnerability in Castlerock Snmpc Online 12.10.10 An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. | 5.0 |
2020-04-09 | CVE-2020-11655 | Sqlite Netapp Debian Canonical Oracle Siemens Tenable | Improper Initialization vulnerability in multiple products SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | 5.0 |
2020-04-08 | CVE-2020-11650 | Ixsystems | Improper Authentication vulnerability in Ixsystems Freenas Firmware and Truenas Firmware An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. | 5.0 |
2020-04-08 | CVE-2019-20637 | Varnish Cache Varnish Software Opensuse | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. | 5.0 |
2020-04-08 | CVE-2020-1638 | Juniper | Unspecified vulnerability in Juniper Junos and Junos OS Evolved The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet. | 5.0 |
2020-04-08 | CVE-2020-1628 | Juniper | Unspecified vulnerability in Juniper Junos Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. | 5.0 |
2020-04-08 | CVE-2020-1627 | Juniper | Improper Input Validation vulnerability in Juniper Junos A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. | 5.0 |
2020-04-08 | CVE-2020-1626 | Juniper | Resource Exhaustion vulnerability in Juniper Junos OS Evolved 18.3 A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. | 5.0 |
2020-04-08 | CVE-2020-1616 | Juniper | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper products Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. | 5.0 |
2020-04-08 | CVE-2020-1613 | Juniper | Unspecified vulnerability in Juniper Junos A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement. | 5.0 |
2020-04-08 | CVE-2020-10978 | Gitlab | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. | 5.0 |
2020-04-08 | CVE-2020-10976 | Gitlab | Information Exposure vulnerability in Gitlab GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | 5.0 |
2020-04-08 | CVE-2018-21079 | | Memory Leak vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. | 5.0 |
2020-04-08 | CVE-2018-21078 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. | 5.0 |
2020-04-08 | CVE-2018-21069 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. | 5.0 |
2020-04-08 | CVE-2018-21067 | | Information Exposure vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 5.0 |
2020-04-08 | CVE-2018-21060 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 5.0 |
2020-04-08 | CVE-2018-21059 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 5.0 |
2020-04-08 | CVE-2018-21047 | | Missing Authorization vulnerability in Google Android 8.0/8.1 An issue was discovered on Samsung mobile devices with O(8.x) software. | 5.0 |
2020-04-08 | CVE-2018-21041 | | Missing Authentication for Critical Function vulnerability in Google Android 8.0/8.1 An issue was discovered on Samsung mobile devices with O(8.x) software. | 5.0 |
2020-04-08 | CVE-2018-21039 | | Incorrect Authorization vulnerability in Google Android 7.0 An issue was discovered on Samsung mobile devices with N(7.0) software. | 5.0 |
2020-04-08 | CVE-2020-11607 | | Unspecified vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. | 5.0 |
2020-04-08 | CVE-2020-11605 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. | 5.0 |
2020-04-08 | CVE-2018-21083 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. | 5.0 |
2020-04-08 | CVE-2020-4289 | IBM | Information Exposure vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.0 |
2020-04-08 | CVE-2020-4284 | IBM | Information Exposure vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. | 5.0 |
2020-04-08 | CVE-2017-18643 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. | 5.0 |
2020-04-08 | CVE-2020-11628 | Primekey | Incorrect Authorization vulnerability in Primekey Ejbca 7.0.0 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 5.0 |
2020-04-08 | CVE-2020-10366 | Logicaldoc | Path Traversal vulnerability in Logicaldoc LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. | 5.0 |
2020-04-07 | CVE-2019-17657 | Fortinet | Resource Exhaustion vulnerability in Fortinet products An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | 5.0 |
2020-04-07 | CVE-2019-4393 | Hcltech | Improper Restriction of Excessive Authentication Attempts vulnerability in Hcltech Appscan 10.0.0/9.0.3.13/9.0.3.14 HCL AppScan Standard is vulnerable to excessive authorization attempts. | 5.0 |
2020-04-07 | CVE-2017-18688 | | Out-of-bounds Read vulnerability in Google Android 5.1/6.0/7.0 An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. | 5.0 |
2020-04-07 | CVE-2017-18687 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. | 5.0 |
2020-04-07 | CVE-2017-18686 | | Information Exposure vulnerability in Google Android 6.0/7.0 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. | 5.0 |
2020-04-07 | CVE-2017-18678 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18677 | | Missing Authorization vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18676 | | Improper Input Validation vulnerability in Google Android 7.0 An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. | 5.0 |
2020-04-07 | CVE-2017-18675 | Google Samsung | Missing Release of Resource after Effective Lifetime vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynos8890 chipsets) software. | 5.0 |
2020-04-07 | CVE-2017-18671 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18670 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. | 5.0 |
2020-04-07 | CVE-2017-18669 | | Incorrect Default Permissions vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18668 | | Incorrect Default Permissions vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 5.0 |
2020-04-07 | CVE-2017-18667 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18666 | | Missing Authorization vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18664 | | NULL Pointer Dereference vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. | 5.0 |
2020-04-07 | CVE-2017-18663 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18662 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18659 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18658 | | NULL Pointer Dereference vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 5.0 |
2020-04-07 | CVE-2017-18657 | | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18656 | | Out-of-bounds Read vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18654 | | Improper Authentication vulnerability in Google Android 6.0/7.0/7.1 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0, 7.1) software. | 5.0 |
2020-04-07 | CVE-2017-18651 | | Integer Overflow or Wraparound vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18650 | | Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 5.0 |
2020-04-07 | CVE-2017-18694 | Google Samsung | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). | 5.0 |
2020-04-07 | CVE-2016-11032 | | Improper Input Validation vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 5.0 |
2020-04-07 | CVE-2016-11029 | | Insufficiently Protected Credentials vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. | 5.0 |
2020-04-07 | CVE-2016-11046 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. | 5.0 |
2020-04-07 | CVE-2016-11043 | | Inadequate Encryption Strength vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 5.0 |
2020-04-07 | CVE-2016-11042 | | Improper Authentication vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. | 5.0 |
2020-04-06 | CVE-2020-11587 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11599 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. | 5.0 |
2020-04-06 | CVE-2020-11596 | Cipplanner | Path Traversal vulnerability in Cipplanner Cipace 6.80 A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11595 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11594 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11593 | Cipplanner | Injection vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11592 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11591 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11590 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11589 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-11588 | Cipplanner | Information Exposure vulnerability in Cipplanner Cipace 6.80 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. | 5.0 |
2020-04-06 | CVE-2020-8004 | ST | Information Exposure vulnerability in ST Stm32F1 Firmware STMicroelectronics STM32F1 devices have Incorrect Access Control. | 5.0 |
2020-04-06 | CVE-2020-10267 | Universal Robots | Cleartext Storage of Sensitive Information vulnerability in Universal-Robots UR Software Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps). | 5.0 |
2020-04-08 | CVE-2020-1986 | Paloaltonetworks | Improper Input Validation vulnerability in Paloaltonetworks Secdo Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. | 4.9 |
2020-04-07 | CVE-2020-11609 | Linux Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. | 4.9 |
2020-04-07 | CVE-2017-18672 | | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. | 4.9 |
2020-04-07 | CVE-2020-11608 | Linux Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.6.1. | 4.9 |
2020-04-07 | CVE-2016-11035 | | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). | 4.9 |
2020-04-08 | CVE-2020-1885 | Oculus | Improper Privilege Management vulnerability in Oculus Desktop Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file. | 4.6 |
2020-04-08 | CVE-2020-1619 | Juniper | Unspecified vulnerability in Juniper Junos A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host. | 4.6 |
2020-04-08 | CVE-2020-1985 | Paloaltonetworks | Incorrect Default Permissions vulnerability in Paloaltonetworks Secdo Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. | 4.6 |
2020-04-08 | CVE-2018-21061 | | Incorrect Default Permissions vulnerability in Google Android 7.1/8.0/8.1 An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. | 4.6 |
2020-04-08 | CVE-2018-21082 | | Incorrect Authorization vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 4.6 |
2020-04-07 | CVE-2020-7615 | FSA Project | OS Command Injection vulnerability in FSA Project FSA 0.5.1 fsa through 0.5.1 is vulnerable to Command Injection. | 4.6 |
2020-04-07 | CVE-2016-11047 | | Out-of-bounds Write vulnerability in Google Android 4.2/4.4 An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. | 4.6 |
2020-04-07 | CVE-2016-11044 | | Improper Verification of Cryptographic Signature vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. | 4.6 |
2020-04-07 | CVE-2020-8096 | Bitdefender | Untrusted Search Path vulnerability in Bitdefender Antimalware Software Development KIT Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. | 4.6 |
2020-04-06 | CVE-2020-5832 | Symantec | Improper Privilege Management vulnerability in Symantec Data Center Security 6.8.1 Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 4.6 |
2020-04-12 | CVE-2020-11721 | Libsixel Project | Access of Uninitialized Pointer vulnerability in Libsixel Project Libsixel 1.8.6 load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service. | 4.3 |
2020-04-12 | CVE-2020-11712 | Open Upload Project | Cross-site Scripting vulnerability in Open Upload Project Open Upload Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field. | 4.3 |
2020-04-12 | CVE-2020-11704 | Provideserver | Cross-site Scripting vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 4.3 |
2020-04-12 | CVE-2020-11702 | Provideserver | Cross-site Scripting vulnerability in Provideserver Provide FTP Server 13.1 An issue was discovered in ProVide (formerly zFTPServer) through 13.1. | 4.3 |
2020-04-10 | CVE-2020-5303 | Tendermint | Out-of-bounds Write vulnerability in Tendermint Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. | 4.3 |
2020-04-10 | CVE-2020-1801 | Huawei | Information Exposure vulnerability in Huawei Mate 30 Firmware and Mate 30 PRO Firmware There is an improper authentication vulnerability in several smartphones. | 4.3 |
2020-04-10 | CVE-2019-18376 | Symantec | Missing Encryption of Sensitive Data vulnerability in Symantec Management Center 2.2/2.3/2.4 A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC. | 4.3 |
2020-04-08 | CVE-2020-1634 | Juniper | Unspecified vulnerability in Juniper Junos 12.3X48 On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. | 4.3 |
2020-04-08 | CVE-2020-1629 | Juniper | Race Condition vulnerability in Juniper Junos A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. | 4.3 |
2020-04-08 | CVE-2020-10814 | Codeblocks | Classic Buffer Overflow vulnerability in Codeblocks Code::Blocks 17.12 A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file. | 4.3 |
2020-04-08 | CVE-2020-11000 | Greenbrowser Project | Unspecified vulnerability in Greenbrowser Project Greenbrowser 1.1 GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. | 4.3 |
2020-04-08 | CVE-2020-4291 | IBM | Session Fixation vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. | 4.3 |
2020-04-08 | CVE-2020-10633 | HMS Networks | Cross-site Scripting vulnerability in Hms-Networks Ewon Cosy Firmware and Ewon Flexy Firmware A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0). | 4.3 |
2020-04-08 | CVE-2020-11626 | Primekey | Cross-site Scripting vulnerability in Primekey Ejbca 7.0.0 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 4.3 |
2020-04-07 | CVE-2020-11509 | Wpleadplus | Cross-site Scripting vulnerability in Wpleadplus WP Lead Plus X An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page). | 4.3 |
2020-04-07 | CVE-2017-18689 | Google Samsung | Improper Validation of Integrity Check Value vulnerability in Google Android 6.0/7.0 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. | 4.3 |
2020-04-07 | CVE-2020-5734 | Solarwinds | Classic Buffer Overflow vulnerability in Solarwinds Dameware 12.1 Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | 4.3 |
2020-04-07 | CVE-2020-6171 | Communilink | Cross-site Scripting vulnerability in Communilink Clink Office 2.0 A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2020-04-10 | CVE-2020-5406 | Vmware | Insufficiently Protected Credentials vulnerability in VMWare Tanzu Application Service FOR VMS VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password. | 4.0 |
2020-04-09 | CVE-2020-5263 | Auth0 | Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. | 4.0 |
2020-04-09 | CVE-2020-9500 | Dahuasecurity | Improper Input Validation vulnerability in Dahuasecurity products Some products of Dahua have Denial of Service vulnerabilities. | 4.0 |
2020-04-09 | CVE-2020-10623 | Advantech | SQL Injection vulnerability in Advantech Webaccess/Nms Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information. | 4.0 |
2020-04-08 | CVE-2020-10981 | Gitlab | Improper Input Validation vulnerability in Gitlab GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | 4.0 |
2020-04-08 | CVE-2020-10979 | Gitlab | Information Exposure vulnerability in Gitlab GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. | 4.0 |
2020-04-08 | CVE-2020-10975 | Gitlab | Information Exposure vulnerability in Gitlab GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | 4.0 |
2020-04-08 | CVE-2020-4282 | IBM | Improper Authentication vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. | 4.0 |
2020-04-08 | CVE-2020-4164 | IBM | Information Exposure vulnerability in IBM Security Information Queue IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from application errors which could be used in further attacks against the system. | 4.0 |
2020-04-08 | CVE-2019-4603 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Rational Quality Manager 6.0.2/6.0.6/6.0.6.1 IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user. | 4.0 |
2020-04-08 | CVE-2019-4601 | IBM | Information Exposure Through an Error Message vulnerability in IBM Rational Quality Manager 6.0.2/6.0.6/6.0.6.1 IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system. | 4.0 |
2020-04-08 | CVE-2020-11631 | Primekey | Improper Input Validation vulnerability in Primekey Ejbca 7.0.0 An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. | 4.0 |
2020-04-07 | CVE-2020-9514 | Idxbroker | Improper Authentication vulnerability in Idxbroker Impress for IDX Broker An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. | 4.0 |
2020-04-07 | CVE-2017-18653 | | Unspecified vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. | 4.0 |
2020-04-06 | CVE-2020-11585 | Dnnsoftware | Information Exposure vulnerability in Dnnsoftware Dotnetnuke 9.5.0 There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. | 4.0 |
55 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-08 | CVE-2020-1991 | Paloaltonetworks | Improper Privilege Management vulnerability in Paloaltonetworks Traps An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. | 3.6 |
2020-04-07 | CVE-2017-18680 | | Improper Input Validation vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. | 3.6 |
2020-04-12 | CVE-2020-11714 | Etentech | Cross-site Scripting vulnerability in Etentech Psg-6528Vm Firmware 1.1 eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. | 3.5 |
2020-04-10 | CVE-2020-9056 | Periscopeholdings | Cross-site Scripting vulnerability in Periscopeholdings Buyspeed 14.5 Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. | 3.5 |
2020-04-09 | CVE-2020-11556 | Castlerock | Cross-site Scripting vulnerability in Castlerock Snmpc Online 12.10.10 An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. | 3.5 |
2020-04-08 | CVE-2020-4252 | IBM | Cross-site Scripting vulnerability in IBM products IBM DOORS Next Generation (DNG/RRC) 6.0.2. | 3.5 |
2020-04-08 | CVE-2019-4746 | IBM | Cross-site Scripting vulnerability in IBM products IBM DOORS Next Generation (DNG/RRC) 6.0.2. | 3.5 |
2020-04-08 | CVE-2019-4740 | IBM | Cross-site Scripting vulnerability in IBM products IBM DOORS Next Generation (DNG/RRC) 6.0.2. | 3.5 |
2020-04-08 | CVE-2019-4737 | IBM | Cross-site Scripting vulnerability in IBM products IBM DOORS Next Generation (DNG/RRC) 6.0.2. | 3.5 |
2020-04-08 | CVE-2019-4602 | IBM | Cross-site Scripting vulnerability in IBM Rational Quality Manager 6.0.2/6.0.6/6.0.6.1 IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting. | 3.5 |
2020-04-07 | CVE-2020-6647 | Fortinet | Cross-site Scripting vulnerability in Fortinet Fortiadc Firmware An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | 3.5 |
2020-04-07 | CVE-2020-11508 | Wpleadplus | Cross-site Scripting vulnerability in Wpleadplus WP Lead Plus X An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. | 3.5 |
2020-04-07 | CVE-2020-11516 | Contact Form 7 Datepicker Project | Cross-site Scripting vulnerability in Contact-Form-7-Datepicker Project Contact-Form-7-Datepicker 2.6.0 Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. | 3.5 |
2020-04-07 | CVE-2020-11512 | Idxbroker | Cross-site Scripting vulnerability in Idxbroker Impress FOR IDX Broker Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel. | 3.5 |
2020-04-07 | CVE-2017-18695 | | Insufficiently Protected Credentials vulnerability in Google Android An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. | 3.5 |
2020-04-06 | CVE-2020-5300 | ORY | Authentication Bypass by Capture-replay vulnerability in ORY Hydra In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. | 3.5 |
2020-04-09 | CVE-2020-1633 | Juniper | Unspecified vulnerability in Juniper Junos Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. | 3.3 |
2020-04-08 | CVE-2020-1625 | Juniper | Memory Leak vulnerability in Juniper Junos The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. | 3.3 |
2020-04-08 | CVE-2018-21092 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. | 3.3 |
2020-04-06 | CVE-2020-11582 | Pulsesecure | Exposure of Resource to Wrong Sphere vulnerability in Pulsesecure Pulse Connect Secure 7.1/7.4 An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. | 3.3 |
2020-04-08 | CVE-2020-2732 | Redhat | Information Exposure vulnerability in Redhat Enterprise Linux 7.0/8.0 A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. | 2.3 |
2020-04-10 | CVE-2020-11669 | Linux Opensuse Redhat | An issue was discovered in the Linux kernel before 5.2 on the powerpc platform. | 2.1 |
2020-04-10 | CVE-2020-1802 | Huawei | Improper Validation of Integrity Check Value vulnerability in Huawei products There is an insufficient integrity validation vulnerability in several products. | 2.1 |
2020-04-08 | CVE-2020-1630 | Juniper | Unspecified vulnerability in Juniper Junos A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. | 2.1 |
2020-04-08 | CVE-2020-1624 | Juniper | Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved 18.3/19.1 A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files. | 2.1 |
2020-04-08 | CVE-2020-1623 | Juniper | Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved 18.3/19.1/19.2 A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file. | 2.1 |
2020-04-08 | CVE-2020-1622 | Juniper | Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved 18.3/19.1 A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore. | 2.1 |
2020-04-08 | CVE-2020-1621 | Juniper | Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces. | 2.1 |
2020-04-08 | CVE-2020-1620 | Juniper | Information Exposure Through Log Files vulnerability in Juniper Junos OS Evolved A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. | 2.1 |
2020-04-08 | CVE-2020-1987 | Paloaltonetworks | Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". | 2.1 |
2020-04-08 | CVE-2018-21080 | | Inadequate Encryption Strength vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 2.1 |
2020-04-08 | CVE-2018-21077 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. | 2.1 |
2020-04-08 | CVE-2018-21076 | Google Samsung | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. | 2.1 |
2020-04-08 | CVE-2018-21074 | | Information Exposure vulnerability in Google Android 6.0/6.0.1 An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. | 2.1 |
2020-04-08 | CVE-2018-21073 | Google Samsung | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). | 2.1 |
2020-04-08 | CVE-2018-21068 | | Improper Input Validation vulnerability in Google Android 8.0 An issue was discovered on Samsung mobile devices with O(8.0) software. | 2.1 |
2020-04-08 | CVE-2018-21062 | | Improper Authentication vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 2.1 |
2020-04-08 | CVE-2018-21056 | | Information Exposure vulnerability in Google Android 8.0/8.1 An issue was discovered on Samsung mobile devices with O(8.x) software. | 2.1 |
2020-04-08 | CVE-2018-21053 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. | 2.1 |
2020-04-08 | CVE-2018-21048 | | Information Exposure vulnerability in Google Android 8.0/8.1 An issue was discovered on Samsung mobile devices with O(8.x) software. | 2.1 |
2020-04-08 | CVE-2018-21046 | | Missing Authorization vulnerability in Google Android 8.0/8.1 An issue was discovered on Samsung mobile devices with O(8.x) software. | 2.1 |
2020-04-08 | CVE-2018-21045 | | Information Exposure vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. | 2.1 |
2020-04-08 | CVE-2018-21043 | Google Samsung | Information Exposure vulnerability in Google Android 8.0/8.1/9.0 An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. | 2.1 |
2020-04-08 | CVE-2020-11606 | | Information Exposure vulnerability in Google Android 10.0 An issue was discovered on Samsung mobile devices with Q(10.0) software. | 2.1 |
2020-04-08 | CVE-2020-11602 | | Information Exposure vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. | 2.1 |
2020-04-08 | CVE-2020-11601 | | Missing Authorization vulnerability in Google Android 10.0/9.0 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. | 2.1 |
2020-04-08 | CVE-2017-18646 | | Improper Authentication vulnerability in Google Android An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. | 2.1 |
2020-04-07 | CVE-2017-18673 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.x) software. | 2.1 |
2020-04-07 | CVE-2016-11040 | | Improper Input Validation vulnerability in Google Android 5.0/5.1 An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. | 2.1 |
2020-04-07 | CVE-2016-11027 | | Information Exposure vulnerability in Google Android 6.0 An issue was discovered on Samsung mobile devices with M(6.0) software. | 2.1 |
2020-04-07 | CVE-2016-11053 | | Improper Input Validation vulnerability in Google Android An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). | 2.1 |
2020-04-07 | CVE-2016-11050 | Samsung | Unspecified vulnerability in Samsung products An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. | 2.1 |
2020-04-07 | CVE-2016-11048 | | Improper Input Validation vulnerability in Google Android 5.0/5.1 An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. | 2.1 |
2020-04-07 | CVE-2016-11041 | | Improper Authentication vulnerability in Google Android 4.4 An issue was discovered on Samsung mobile devices with KK(4.4) software. | 2.1 |
2020-04-08 | CVE-2020-1978 | Paloaltonetworks | Insufficiently Protected Credentials vulnerability in Paloaltonetworks Pan-Os and Vm-Series TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. | 1.9 |