Weekly Vulnerabilities Reports > April 13 to 19, 2020
Overview
870 new vulnerabilities were reported during this period, including 92 critical vulnerabilities and 378 high severity vulnerabilities. This weekly summary reports vulnerabilities in 655 products from 114 vendors including Oracle, Netgear, Microsoft, Fedoraproject, and Opensuse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Command Injection", "Classic Buffer Overflow", and "Out-of-bounds Read".
- 581 reported vulnerabilities are remotely exploitable.
- 190 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 429 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 229 reported vulnerabilities.
- Qualcomm has the most reported critical vulnerabilities, with 21 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
92 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-19 | CVE-2019-20786 | Pion | Improper Authentication vulnerability in Pion Dtls handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion. | 9.8 |
2020-04-17 | CVE-2020-0073 | | Out-of-bounds Write vulnerability in Google Android In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2020-04-17 | CVE-2020-0072 | | Out-of-bounds Write vulnerability in Google Android In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2020-04-17 | CVE-2020-0071 | | Out-of-bounds Write vulnerability in Google Android In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2020-04-17 | CVE-2020-0070 | | Out-of-bounds Write vulnerability in Google Android In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2020-04-17 | CVE-2019-6203 | Apple | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 9.8 |
2020-04-17 | CVE-2020-11878 | Jitsi | Use of Hard-coded Credentials vulnerability in Jitsi Meet The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. | 9.8 |
2020-04-17 | CVE-2020-11873 | | Out-of-bounds Write vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. | 9.8 |
2020-04-17 | CVE-2019-20782 | | Classic Buffer Overflow vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. | 9.8 |
2020-04-17 | CVE-2019-20780 | | Uncontrolled Search Path Element vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. | 9.8 |
2020-04-17 | CVE-2019-20778 | | Improper Input Validation vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 9.8 |
2020-04-17 | CVE-2019-20777 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 9.8 |
2020-04-17 | CVE-2019-20772 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 9.8 |
2020-04-17 | CVE-2019-12002 | HPE | Unspecified vulnerability in HPE products A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. | 9.8 |
2020-04-17 | CVE-2020-10377 | Mitel | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitel Mivoice Connect and Mivoice Connect Client A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. | 9.8 |
2020-04-17 | CVE-2020-10211 | Mitel | Improper Input Validation vulnerability in Mitel Mivoice Connect and Mivoice Connect Client A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters. | 9.8 |
2020-04-16 | CVE-2019-20730 | Netgear | SQL Injection vulnerability in Netgear products Certain NETGEAR devices are affected by SQL injection. | 9.8 |
2020-04-16 | CVE-2020-7485 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Tristation 1131 **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine. | 9.8 |
2020-04-16 | CVE-2020-7224 | Aviatrix | Unspecified vulnerability in Aviatrix Openvpn The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load. | 9.8 |
2020-04-16 | CVE-2020-7114 | Arubanetworks | Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets. | 9.8 |
2020-04-16 | CVE-2020-1964 | Apache | Deserialization of Untrusted Data vulnerability in Apache Heron 0.20.0Incubating/0.20.1Incubating/0.20.2Incubating It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating do not configure the YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability (CWE-502: Deserialization of Untrusted Data). | 9.8 |
2020-04-16 | CVE-2020-11820 | Rukovoditel | SQL Injection vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter. | 9.8 |
2020-04-16 | CVE-2020-11819 | Rukovoditel | Path Traversal vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | 9.8 |
2020-04-16 | CVE-2020-11816 | Rukovoditel | SQL Injection vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter. | 9.8 |
2020-04-16 | CVE-2020-11815 | Rukovoditel | Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, attackers can upload an arbitrary file to the server by just changing the content-type value. | 9.8 |
2020-04-16 | CVE-2020-11812 | Rukovoditel | SQL Injection vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter. | 9.8 |
2020-04-16 | CVE-2020-11811 | Qdpm | Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.1 In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. | 9.8 |
2020-04-16 | CVE-2019-20699 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 9.8 |
2020-04-16 | CVE-2019-14134 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | 9.8 |
2020-04-16 | CVE-2019-14132 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm Qcs605 Firmware, Sa6155P Firmware and Sm8150 Firmware Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150 | 9.8 |
2020-04-16 | CVE-2019-14131 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-14127 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-14114 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-14113 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Buffer overflow can occur in WLAN firmware while unwrapping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-14112 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-14111 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-14110 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 9.8 |
2020-04-16 | CVE-2019-10609 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Out of bound write can happen due to lack of check of array index value while calculating it. | 9.8 |
2020-04-16 | CVE-2019-10589 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660 | 9.8 |
2020-04-16 | CVE-2019-10588 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Copying RTCP messages into the output buffer without checking the destination buffer size which could lead to a remote stack overflow. | 9.8 |
2020-04-15 | CVE-2020-3250 | Cisco | Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
2020-04-15 | CVE-2020-3248 | Cisco | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
2020-04-15 | CVE-2020-3247 | Cisco | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
2020-04-15 | CVE-2020-3243 | Cisco | Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 9.8 |
2020-04-15 | CVE-2020-11658 | Broadcom | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | 9.8 |
2020-04-15 | CVE-2020-3161 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. | 9.8 |
2020-04-15 | CVE-2019-20679 | Netgear | Unspecified vulnerability in Netgear Mr1100 Firmware 12.05.05.00/12.06.03 NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level. | 9.8 |
2020-04-15 | CVE-2019-12519 | Squid Cache Debian Canonical Opensuse | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Squid through 4.7. | 9.8 |
2020-04-15 | CVE-2020-6996 | Trianglemicroworks | Out-of-bounds Write vulnerability in Trianglemicroworks Dnp3 Source Code Library Triangle MicroWorks DNP3 Outstation Libraries DNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected: 3.16.00 through 3.25.01. | 9.8 |
2020-04-15 | CVE-2020-11799 | Z Cron | Improper Privilege Management vulnerability in Z-Cron 5.6 Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. | 9.8 |
2020-04-15 | CVE-2020-10611 | Trianglemicroworks | Type Confusion vulnerability in Trianglemicroworks Scada Data Gateway Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. | 9.8 |
2020-04-15 | CVE-2019-12524 | Squid Cache Debian Canonical | Missing Authentication for Critical Function vulnerability in multiple products An issue was discovered in Squid through 4.7. | 9.8 |
2020-04-15 | CVE-2020-11790 | Netgear | Unspecified vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. | 9.8 |
2020-04-15 | CVE-2020-11789 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
2020-04-15 | CVE-2019-20646 | Netgear | Information Exposure vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | 9.8 |
2020-04-15 | CVE-2020-11729 | Davical Debian | Session Fixation vulnerability in multiple products An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. | 9.8 |
2020-04-15 | CVE-2020-11537 | Onlyoffice | SQL Injection vulnerability in Onlyoffice Document Server 5.5.0 A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
2020-04-15 | CVE-2020-11536 | Onlyoffice | Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
2020-04-15 | CVE-2020-11535 | Onlyoffice | XML Injection (aka Blind XPath Injection) vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
2020-04-15 | CVE-2020-11534 | Onlyoffice | Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0 An issue was discovered in ONLYOFFICE Document Server 5.5.0. | 9.8 |
2020-04-15 | CVE-2020-1026 | Microsoft | Improper Verification of Cryptographic Signature vulnerability in Microsoft Research Javascript Cryptography Library 1.4 A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation. An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid. The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'. | 9.8 |
2020-04-15 | CVE-2020-2961 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2.0.0/13.3.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). | 9.8 |
2020-04-15 | CVE-2020-2953 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). | 9.8 |
2020-04-15 | CVE-2020-2950 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 9.8 |
2020-04-15 | CVE-2020-2931 | Oracle | Unspecified vulnerability in Oracle Knowledge Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). | 9.8 |
2020-04-15 | CVE-2020-2915 | Oracle | Unspecified vulnerability in Oracle Coherence Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). | 9.8 |
2020-04-15 | CVE-2020-2884 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
2020-04-15 | CVE-2020-2883 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
2020-04-15 | CVE-2020-2801 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
2020-04-15 | CVE-2020-2791 | Oracle | Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1/8.6.2 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). | 9.8 |
2020-04-15 | CVE-2020-2733 | Oracle | Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). | 9.8 |
2020-04-15 | CVE-2020-10511 | Hgiga | OS Command Injection vulnerability in Hgiga Oaklouds Ccm@Il HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. | 9.8 |
2020-04-15 | CVE-2020-10507 | THE School Manage System Project | Unrestricted Upload of File with Dangerous Type vulnerability in the School Manage System Project the School Manage System The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE), that would allow attackers to gain access in the hosting machine. | 9.8 |
2020-04-15 | CVE-2020-10505 | THE School Manage System Project | SQL Injection vulnerability in the School Manage System Project the School Manage System The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password. | 9.8 |
2020-04-14 | CVE-2020-6195 | SAP | Insufficiently Protected Credentials vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. | 9.8 |
2020-04-14 | CVE-2019-10939 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in TIM 3V-IE (incl. | 9.8 |
2020-04-14 | CVE-2020-10383 | Mbconnectline | Unspecified vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. | 9.8 |
2020-04-14 | CVE-2019-16879 | Mysyngeryss | Missing Authentication for Critical Function vulnerability in Mysyngeryss Husky RTU 6049-E70 Firmware The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. | 9.8 |
2020-04-13 | CVE-2020-11673 | Total Soft | Missing Authentication for Critical Function vulnerability in Total-Soft Responsive Poll An issue was discovered in the Responsive Poll through 1.3.4 for WordPress. | 9.8 |
2020-04-14 | CVE-2020-6238 | SAP | XXE vulnerability in SAP Commerce Cloud SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. | 9.3 |
2020-04-19 | CVE-2020-11895 | Libming | Out-of-bounds Read vulnerability in Libming 0.4.8 Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c. | 9.1 |
2020-04-19 | CVE-2020-11894 | Libming | Out-of-bounds Read vulnerability in Libming 0.4.8 Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c. | 9.1 |
2020-04-17 | CVE-2019-20783 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. | 9.1 |
2020-04-16 | CVE-2020-3653 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850 | 9.1 |
2020-04-16 | CVE-2020-3652 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. | 9.1 |
2020-04-16 | CVE-2019-14033 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attach accept in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 |
2020-04-16 | CVE-2019-14020 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ act_def_context_req/ cs_serv_notification/ emm_info/ guti_realloc_cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 |
2020-04-16 | CVE-2019-14019 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer resource alloc Rej/Deact EPs bearer REq in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 |
2020-04-16 | CVE-2019-14011 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn connection reject/ esm data transport/ bearer modify context reject in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 |
2020-04-16 | CVE-2019-10622 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130 | 9.1 |
2020-04-16 | CVE-2019-10610 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 |
2020-04-16 | CVE-2019-10551 | Qualcomm | Unspecified vulnerability in Qualcomm products String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 9.1 |
378 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-17 | CVE-2020-7082 | Autodesk | Use After Free vulnerability in Autodesk FBX Software Development KIT A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it. | 8.8 |
2020-04-17 | CVE-2020-7081 | Autodesk | Type Confusion vulnerability in Autodesk FBX Software Development KIT A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code read/write on the system running it. | 8.8 |
2020-04-17 | CVE-2020-9523 | Microfocus | Insufficiently Protected Credentials vulnerability in Microfocus Enterprise Developer Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. | 8.8 |
2020-04-17 | CVE-2020-11793 | Wpewebkit Webkitgtk Canonical Fedoraproject Opensuse | Use After Free vulnerability in multiple products A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | 8.8 |
2020-04-17 | CVE-2020-10947 | Sophos | Link Following vulnerability in Sophos products Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | 8.8 |
2020-04-16 | CVE-2019-20760 | Netgear | Unspecified vulnerability in Netgear R9000 Firmware NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass. | 8.8 |
2020-04-16 | CVE-2019-20753 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20739 | Netgear | Classic Buffer Overflow vulnerability in Netgear R8500 Firmware NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20734 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2020-2180 | Jenkins | Deserialization of Untrusted Data vulnerability in Jenkins Amazon web Services Serverless Application Model 1.2.2 Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-04-16 | CVE-2020-2179 | Jenkins | Deserialization of Untrusted Data vulnerability in Jenkins Yaml Axis Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | 8.8 |
2020-04-16 | CVE-2020-11825 | Dolibarr | Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6 In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. | 8.8 |
2020-04-16 | CVE-2020-11818 | Rukovoditel | Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2 Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks. | 8.8 |
2020-04-16 | CVE-2019-20697 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20691 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-16 | CVE-2019-20690 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-16 | CVE-2019-20686 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20685 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20684 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20683 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-16 | CVE-2019-20682 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-15 | CVE-2020-3251 | Cisco | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 8.8 |
2020-04-15 | CVE-2020-3239 | Cisco | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 8.8 |
2020-04-15 | CVE-2020-11666 | Broadcom | Unspecified vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges. | 8.8 |
2020-04-15 | CVE-2019-20681 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-15 | CVE-2019-20656 | Netgear | Use of Hard-coded Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by a hardcoded password. | 8.8 |
2020-04-15 | CVE-2020-11788 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-15 | CVE-2019-20641 | Netgear | Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | 8.8 |
2020-04-15 | CVE-2019-20640 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-15 | CVE-2020-0578 | Intel | Unspecified vulnerability in Intel Compute Module Mfs2600Ki Firmware Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |
2020-04-15 | CVE-2020-0577 | Intel | Unspecified vulnerability in Intel Compute Module Mfs2600Ki Firmware Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |
2020-04-15 | CVE-2020-4272 | IBM | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. | 8.8 |
2020-04-15 | CVE-2020-1020 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0981 | Microsoft | Incorrect Authorization vulnerability in Microsoft Windows 10 and Windows Server 2016 A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0979 | Microsoft | Unspecified vulnerability in Microsoft Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0974 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0971 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0967 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0966 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0964 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0950 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0949 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0948 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0932 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0931 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0929 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0920 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0906 | Microsoft | Unspecified vulnerability in Microsoft Excel, Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0760 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-0687 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | 8.8 |
2020-04-15 | CVE-2020-2944 | Oracle | Classic Buffer Overflow vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). | 8.8 |
2020-04-15 | CVE-2020-2902 | Oracle Opensuse | Out-of-bounds Write vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.8 |
2020-04-15 | CVE-2020-11770 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.8 |
2020-04-15 | CVE-2019-2880 | Oracle | Unspecified vulnerability in Oracle Retail Store Inventory Management 16.0 Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). | 8.8 |
2020-04-15 | CVE-2020-10514 | Icatchinc | Command Injection vulnerability in Icatchinc DVR Firmware iCatch DVR firmware before 20200103 does not validate function parameters properly, resulting in attackers executing arbitrary commands. | 8.8 |
2020-04-15 | CVE-2020-10512 | Hgiga | SQL Injection vulnerability in Hgiga Oaklouds Ccm@Il HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL Injection vulnerability which allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands. | 8.8 |
2020-04-14 | CVE-2020-9384 | Subex | Authorization Bypass Through User-Controlled Key vulnerability in Subex ROC Partner Settlement 10.5 An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters. | 8.8 |
2020-04-14 | CVE-2020-6225 | SAP | Path Traversal vulnerability in SAP products SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. | 8.8 |
2020-04-14 | CVE-2020-6219 | SAP | Deserialization of Untrusted Data vulnerability in SAP products SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. | 8.8 |
2020-04-14 | CVE-2019-18822 | Eleveo | Improper Privilege Management vulnerability in Eleveo Call Recording 6.3.1 A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the [email protected]. | 8.8 |
2020-04-14 | CVE-2020-10382 | Mbconnectline | Unspecified vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. | 8.8 |
2020-04-14 | CVE-2020-9004 | Wowza | Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. | 8.8 |
2020-04-14 | CVE-2020-5739 | Grandstream | Code Injection vulnerability in Grandstream products Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. | 8.8 |
2020-04-14 | CVE-2020-5738 | Grandstream | Link Following vulnerability in Grandstream products Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. | 8.8 |
2020-04-14 | CVE-2020-11741 | XEN Fedoraproject Debian Opensuse | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. | 8.8 |
2020-04-13 | CVE-2020-6455 | Google Debian Fedoraproject Opensuse | Out-of-bounds Read vulnerability in multiple products Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6454 | Google Fedoraproject Debian Opensuse | Use After Free vulnerability in multiple products Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | 8.8 |
2020-04-13 | CVE-2020-6452 | Google Fedoraproject Opensuse | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6451 | Google Fedoraproject Opensuse | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6450 | Google Fedoraproject Opensuse | Use After Free vulnerability in multiple products Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6448 | Google Fedoraproject Debian Opensuse | Use After Free vulnerability in multiple products Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6447 | Google Debian Fedoraproject Opensuse | Out-of-bounds Write vulnerability in multiple products Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6443 | Google Debian Fedoraproject Opensuse | Insufficient Verification of Data Authenticity vulnerability in multiple products Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6439 | Google Debian Fedoraproject Opensuse | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6436 | Google Fedoraproject Debian Opensuse | Use After Free vulnerability in multiple products Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6434 | Google Fedoraproject Debian Opensuse | Use After Free vulnerability in multiple products Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6430 | Google Fedoraproject Debian Opensuse | Type Confusion vulnerability in multiple products Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2020-6423 | Google Fedoraproject Opensuse Debian | Use After Free vulnerability in multiple products Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2020-04-13 | CVE-2019-13916 | Cypress | Out-of-bounds Write vulnerability in Cypress Wiced Studio 6.2 An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1. | 8.8 |
2020-04-13 | CVE-2020-9478 | Rubrik | OS Command Injection vulnerability in Rubrik CDM 5.0.0/5.0.4/5.1.0 An issue was discovered in Rubrik 5.0.3-2296. | 8.8 |
2020-04-15 | CVE-2020-1632 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. | 8.6 |
2020-04-15 | CVE-2020-2959 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.6 |
2020-04-15 | CVE-2020-2838 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Gateway for Mobile Devices 12.1.1/12.1.3 Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). | 8.6 |
2020-04-15 | CVE-2020-2776 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). | 8.6 |
2020-04-14 | CVE-2020-6235 | SAP | Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.2 SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | 8.6 |
2020-04-15 | CVE-2020-2863 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 8.5 |
2020-04-15 | CVE-2020-0910 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | 8.4 |
2020-04-15 | CVE-2020-2805 | Oracle Netapp Debian Fedoraproject Opensuse Canonical | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 8.3 |
2020-04-15 | CVE-2020-2803 | Oracle Netapp Debian Fedoraproject Opensuse Canonical | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 8.3 |
2020-04-15 | CVE-2020-2908 | Oracle Opensuse | Incorrect Conversion between Numeric Types vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2020-04-15 | CVE-2020-2905 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2020-04-15 | CVE-2020-2890 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). | 8.2 |
2020-04-15 | CVE-2020-2885 | Oracle | Unspecified vulnerability in Oracle Document Management and Collaboration Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). | 8.2 |
2020-04-15 | CVE-2020-2881 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 8.2 |
2020-04-15 | CVE-2020-2880 | Oracle | Unspecified vulnerability in Oracle Learning Management Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: OTA Training Activities). | 8.2 |
2020-04-15 | CVE-2020-2879 | Oracle | Unspecified vulnerability in Oracle Scripting Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). | 8.2 |
2020-04-15 | CVE-2020-2878 | Oracle | Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Mail). | 8.2 |
2020-04-15 | CVE-2020-2877 | Oracle | Unspecified vulnerability in Oracle Partner Management 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). | 8.2 |
2020-04-15 | CVE-2020-2876 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2874 | Oracle | Unspecified vulnerability in Oracle Email Center 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Customer Search). | 8.2 |
2020-04-15 | CVE-2020-2873 | Oracle | Unspecified vulnerability in Oracle Customer Interaction History Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 8.2 |
2020-04-15 | CVE-2020-2872 | Oracle | Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). | 8.2 |
2020-04-15 | CVE-2020-2871 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 8.2 |
2020-04-15 | CVE-2020-2870 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 8.2 |
2020-04-15 | CVE-2020-2867 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). | 8.2 |
2020-04-15 | CVE-2020-2861 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2860 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2858 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2857 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 8.2 |
2020-04-15 | CVE-2020-2856 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 8.2 |
2020-04-15 | CVE-2020-2855 | Oracle | Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Admin). | 8.2 |
2020-04-15 | CVE-2020-2854 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 8.2 |
2020-04-15 | CVE-2020-2852 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Calendar). | 8.2 |
2020-04-15 | CVE-2020-2850 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2849 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2848 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2847 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2846 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2845 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2844 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2843 | Oracle | Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). | 8.2 |
2020-04-15 | CVE-2020-2842 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 8.2 |
2020-04-15 | CVE-2020-2841 | Oracle | Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). | 8.2 |
2020-04-15 | CVE-2020-2840 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). | 8.2 |
2020-04-15 | CVE-2020-2839 | Oracle | Unspecified vulnerability in Oracle Service Intelligence 12.1.1/12.1.3 Vulnerability in the Oracle Service Intelligence product of Oracle E-Business Suite (component: Internal Operations- Search). | 8.2 |
2020-04-15 | CVE-2020-2837 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2836 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2835 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2834 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2833 | Oracle | Unspecified vulnerability in Oracle Quoting 12.1.1/12.1.3 Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). | 8.2 |
2020-04-15 | CVE-2020-2832 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 8.2 |
2020-04-15 | CVE-2020-2831 | Oracle | Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 8.2 |
2020-04-15 | CVE-2020-2827 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 8.2 |
2020-04-15 | CVE-2020-2826 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 8.2 |
2020-04-15 | CVE-2020-2825 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 8.2 |
2020-04-15 | CVE-2020-2824 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 8.2 |
2020-04-15 | CVE-2020-2823 | Oracle | Unspecified vulnerability in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes). | 8.2 |
2020-04-15 | CVE-2020-2822 | Oracle | Unspecified vulnerability in Oracle Trade Management 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claims). | 8.2 |
2020-04-15 | CVE-2020-2821 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Budget). | 8.2 |
2020-04-15 | CVE-2020-2820 | Oracle | Unspecified vulnerability in Oracle Common Applications Calendar Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes). | 8.2 |
2020-04-15 | CVE-2020-2819 | Oracle | Unspecified vulnerability in Oracle Universal Work Queue 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). | 8.2 |
2020-04-15 | CVE-2020-2818 | Oracle | Unspecified vulnerability in Oracle Universal Work Queue 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). | 8.2 |
2020-04-15 | CVE-2020-2817 | Oracle | Unspecified vulnerability in Oracle Scripting 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). | 8.2 |
2020-04-15 | CVE-2020-2815 | Oracle | Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). | 8.2 |
2020-04-15 | CVE-2020-2813 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: KB Search). | 8.2 |
2020-04-15 | CVE-2020-2809 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). | 8.2 |
2020-04-15 | CVE-2020-2808 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). | 8.2 |
2020-04-15 | CVE-2020-2807 | Oracle | Unspecified vulnerability in Oracle Marketing Encyclopedia System 12.1.1/12.1.3 Vulnerability in the Oracle Marketing Encyclopedia System product of Oracle E-Business Suite (component: Administration). | 8.2 |
2020-04-15 | CVE-2020-2796 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 8.2 |
2020-04-15 | CVE-2020-2794 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Email Address list and Message Display). | 8.2 |
2020-04-15 | CVE-2020-2758 | Oracle Opensuse | Use After Free vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2020-04-15 | CVE-2020-2742 | Oracle Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2020-04-14 | CVE-2020-7800 | Mysyngeryss | Improper Check for Unusual or Exceptional Conditions vulnerability in Mysyngeryss Husky RTU 6049-E70 Firmware The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. | 8.2 |
2020-04-17 | CVE-2020-11886 | Opennms | SQL Injection vulnerability in Opennms Horizon and Meridian OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm. | 8.1 |
2020-04-15 | CVE-2020-11661 | Broadcom | Unspecified vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data. | 8.1 |
2020-04-15 | CVE-2020-2956 | Oracle | Unspecified vulnerability in Oracle Human Resources Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | 8.1 |
2020-04-15 | CVE-2020-2882 | Oracle | Unspecified vulnerability in Oracle Human Resources Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | 8.1 |
2020-04-15 | CVE-2020-2746 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. | 8.1 |
2020-04-14 | CVE-2020-11003 | Fraction | Cross-Site Request Forgery (CSRF) vulnerability in Fraction Oasis Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. | 8.1 |
2020-04-14 | CVE-2019-11480 | Canonical | Insufficient Verification of Data Authenticity vulnerability in Canonical C-Kernel 20190716 The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment. | 8.1 |
2020-04-16 | CVE-2019-20761 | Netgear | Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20758 | Netgear | Classic Buffer Overflow vulnerability in Netgear R7000 Firmware NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20711 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20710 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20709 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20708 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20707 | Netgear | Command Injection vulnerability in Netgear R7800 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20706 | Netgear | Command Injection vulnerability in Netgear R7800 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20705 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20704 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20703 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20702 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-16 | CVE-2019-20701 | Netgear | Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-15 | CVE-2019-20680 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 8.0 |
2020-04-15 | CVE-2019-20657 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 8.0 |
2020-04-15 | CVE-2019-20642 | Netgear | Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | 8.0 |
2020-04-15 | CVE-2020-1022 | Microsoft | Unspecified vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. | 8.0 |
2020-04-15 | CVE-2020-2735 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 8.0 |
2020-04-17 | CVE-2020-0082 | Google | Deserialization of Untrusted Data vulnerability in Google Android 10.0 In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. | 7.8 |
2020-04-17 | CVE-2020-0081 | Google Fedoraproject | Double Free vulnerability in multiple products In finalize of AssetManager.java, there is possible memory corruption due to a double free. | 7.8 |
2020-04-17 | CVE-2020-0080 | Google | Unspecified vulnerability in Google Android 10.0 In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. | 7.8 |
2020-04-17 | CVE-2020-0079 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/9.0 In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. | 7.8 |
2020-04-17 | CVE-2020-0078 | Google | Out-of-bounds Write vulnerability in Google Android 10.0/9.0 In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2020-04-17 | CVE-2020-7085 | Autodesk | Out-of-bounds Write vulnerability in Autodesk FBX Software Development KIT A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it. | 7.8 |
2020-04-17 | CVE-2020-7080 | Autodesk | Classic Buffer Overflow vulnerability in Autodesk FBX Software Development KIT A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it. | 7.8 |
2020-04-17 | CVE-2020-7079 | Autodesk | Untrusted Search Path vulnerability in Autodesk Dynamo BIM 2.5.0/2.5.1 An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files. | 7.8 |
2020-04-17 | CVE-2020-11875 | Google | Improper Handling of Exceptional Conditions vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. | 7.8 |
2020-04-17 | CVE-2019-20773 | Google | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 7.8 |
2020-04-17 | CVE-2019-20770 | Google | Classic Buffer Overflow vulnerability in Google Android 9.0 An issue was discovered on LG mobile devices with Android OS 9.0 software. | 7.8 |
2020-04-17 | CVE-2019-20769 | LG | Uncontrolled Search Path Element vulnerability in LG PC Suite 5.3.27 An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier). | 7.8 |
2020-04-16 | CVE-2019-14135 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. | 7.8 |
2020-04-16 | CVE-2019-14122 | Qualcomm | Improper Handling of Exceptional Conditions vulnerability in Qualcomm products Memory failure in SKB if it fails to add the requested padding to the skb in low memory targets or targets with major memory fragmentation in Snapdragon Auto, Snapdragon Mobile in Saipan, SM8150, SM8250, SXR2130 | 7.8 |
2020-04-16 | CVE-2019-14116 | Qualcomm | Missing Authorization vulnerability in Qualcomm Ipq6018 Firmware Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions are disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018 | 7.8 |
2020-04-16 | CVE-2019-14105 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm Sda845 Firmware, Sdm845 Firmware and Sm8150 Firmware Kernel was reading the CSL defined reserved field as uint16 instead of uint32 which could lead to memory overflow in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150 | 7.8 |
2020-04-16 | CVE-2019-14021 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 7.8 |
2020-04-16 | CVE-2019-14018 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Possible out of bound array access as there is no check on carrier index passed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 7.8 |
2020-04-16 | CVE-2019-14009 | Qualcomm | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130 | 7.8 |
2020-04-16 | CVE-2019-14001 | Qualcomm | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Qualcomm products Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20 | 7.8 |
2020-04-16 | CVE-2019-10624 | Qualcomm | Incorrect Conversion between Numeric Types vulnerability in Qualcomm products While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130 | 7.8 |
2020-04-16 | CVE-2019-10621 | Qualcomm | Use After Free vulnerability in Qualcomm products Use after free issue when MAP and UNMAP calls at same time as data structure used by MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | 7.8 |
2020-04-16 | CVE-2019-10620 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, MSM8996AU, QCN7605, SDM439, SDX24, SM8150 | 7.8 |
2020-04-16 | CVE-2019-10575 | Qualcomm | Improper Verification of Cryptographic Signature vulnerability in Qualcomm Sda845 Firmware, Sdm845 Firmware and Sdm850 Firmware Wlan binary which is not signed with OEMs RoT is working on secure device without authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850 | 7.8 |
2020-04-16 | CVE-2019-10556 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.8 |
2020-04-16 | CVE-2019-10547 | Qualcomm | Memory Leak vulnerability in Qualcomm products When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130 | 7.8 |
2020-04-15 | CVE-2020-3194 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. | 7.8 |
2020-04-15 | CVE-2019-20655 | Netgear | Command Injection vulnerability in Netgear Xr500 Firmware and Xr700 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.8 |
2020-04-15 | CVE-2020-10639 | Eaton | Classic Buffer Overflow vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23 Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. | 7.8 |
2020-04-15 | CVE-2020-0600 | Intel | Unspecified vulnerability in Intel products Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-04-15 | CVE-2020-0598 | Intel | Untrusted Search Path vulnerability in Intel Binary Configuration Tool Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-04-15 | CVE-2020-0557 | Intel | Incorrect Permission Assignment for Critical Resource vulnerability in Intel Proset/Wireless Wifi Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-04-15 | CVE-2020-0547 | Intel | Incorrect Default Permissions vulnerability in Intel Data Migration 3.3 Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2020-04-15 | CVE-2020-8948 | Sierrawireless | Link Following vulnerability in Sierrawireless Mobile Broadband Driver Package The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. | 7.8 |
2020-04-15 | CVE-2020-4270 | IBM | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. | 7.8 |
2020-04-15 | CVE-2020-1094 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1029 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1027 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1019 | Microsoft | Unspecified vulnerability in Microsoft RMS Sharing An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1017 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1015 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1014 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1011 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1009 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1008 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1006 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1004 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1003 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1001 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-1000 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0999 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0996 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0995 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0994 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0992 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0991 | Microsoft | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0988 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0985 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0984 | Microsoft | Improper Input Validation vulnerability in Microsoft Autoupdate An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0983 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0980 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0965 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0961 | Microsoft | Unspecified vulnerability in Microsoft Office and Office 365 Proplus A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0960 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0959 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0958 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0957 | Microsoft | Unspecified vulnerability in Microsoft Windows 7 and Windows Server 2008 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0956 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0953 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0944 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0940 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0938 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0934 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0919 | Microsoft | Unspecified vulnerability in Microsoft Remote Desktop An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0913 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0907 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0889 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0888 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0835 | Microsoft | Unspecified vulnerability in Microsoft Windows Defender An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-0784 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. | 7.8 |
2020-04-15 | CVE-2020-2929 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.8 |
2020-04-15 | CVE-2020-2927 | Oracle | Unspecified vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). | 7.8 |
2020-04-15 | CVE-2020-2851 | Oracle | Unspecified vulnerability in Oracle Solaris 10/11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). | 7.8 |
2020-04-15 | CVE-2020-10699 | Targetcli FB Project | Incorrect Permission Assignment for Critical Resource vulnerability in Targetcli-Fb Project Targetcli-Fb 2.1.50/2.1.51 A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable. | 7.8 |
2020-04-15 | CVE-2020-7250 | Mcafee | Link Following vulnerability in Mcafee Endpoint Security Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user would not normally have permission to alter via carefully creating symbolic links from the ENS log file directory. | 7.8 |
2020-04-15 | CVE-2020-7274 | Mcafee | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | 7.8 |
2020-04-15 | CVE-2020-7259 | Mcafee | Improper Privilege Management vulnerability in Mcafee Endpoint Security Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file | 7.8 |
2020-04-14 | CVE-2020-8327 | Lenovo | Improper Privilege Management vulnerability in Lenovo Vantage 10.2001.12.0/4.0.49.0 A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
2020-04-14 | CVE-2020-8319 | Lenovo | Unspecified vulnerability in Lenovo System Interface Foundation 1.0.66.0/1.1.18.3 A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
2020-04-14 | CVE-2020-8318 | Lenovo | Unspecified vulnerability in Lenovo System Interface Foundation A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges. | 7.8 |
2020-04-14 | CVE-2019-14326 | Andyroid | Incorrect Default Permissions vulnerability in Andyroid Andy OS 46.11.113 An issue was discovered in AndyOS Andy versions up to 46.11.113. | 7.8 |
2020-04-14 | CVE-2020-10384 | Mbconnectline | Improper Privilege Management vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. | 7.8 |
2020-04-14 | CVE-2020-11739 | XEN Fedoraproject Debian Opensuse | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. | 7.8 |
2020-04-13 | CVE-2020-10646 | Fujielectric | Out-of-bounds Write vulnerability in Fujielectric V-Server 3.3.24.0/4.0.3.0 Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. | 7.8 |
2020-04-13 | CVE-2020-10642 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation Rslinx Classic 4.1.00/4.11.00 In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. | 7.8 |
2020-04-15 | CVE-2020-2802 | Oracle | Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). | 7.7 |
2020-04-17 | CVE-2020-11877 | Zoom | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
2020-04-17 | CVE-2020-11876 | Zoom | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. | 7.5 |
2020-04-17 | CVE-2020-4277 | IBM | Information Exposure Through an Error Message vulnerability in IBM Tririga Application Platform 3.5.3/3.6.1.0 IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker in formulating future attacks. | 7.5 |
2020-04-17 | CVE-2020-11874 | Google | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. | 7.5 |
2020-04-17 | CVE-2019-20771 | Google | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 7.5 |
2020-04-17 | CVE-2020-10813 | Ftpdmin Project | Classic Buffer Overflow vulnerability in Ftpdmin Project Ftpdmin 0.96 A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet. | 7.5 |
2020-04-17 | CVE-2020-11872 | Bluetrace | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Bluetrace Opentrace 1.0 The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | 7.5 |
2020-04-17 | CVE-2020-11868 | NTP Redhat Netapp Debian Opensuse | Origin Validation Error vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | 7.5 |
2020-04-17 | CVE-2019-7306 | Byobu Canonical | Files or Directories Accessible to External Parties vulnerability in multiple products Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. | 7.5 |
2020-04-16 | CVE-2020-7486 | Schneider Electric | Resource Exhaustion vulnerability in Schneider-Electric products **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. | 7.5 |
2020-04-16 | CVE-2020-7484 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Tristation 1131 **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection. | 7.5 |
2020-04-16 | CVE-2020-7483 | Schneider Electric | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric Tristation 1131 **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled. | 7.5 |
2020-04-16 | CVE-2020-11826 | Appinghouse | Cleartext Storage of Sensitive Information vulnerability in Appinghouse Memono 3.8 Users can lock their notes with a password in Memono version 3.8. | 7.5 |
2020-04-16 | CVE-2019-20696 | Netgear | Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 7.5 |
2020-04-16 | CVE-2019-20695 | Netgear | Unspecified vulnerability in Netgear Srk60 Firmware, Srr60 Firmware and Srs60 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 7.5 |
2020-04-16 | CVE-2019-20694 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 7.5 |
2020-04-16 | CVE-2019-20687 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 7.5 |
2020-04-16 | CVE-2019-18948 | Arista | Unspecified vulnerability in Arista EOS An issue was found in Arista EOS. | 7.5 |
2020-04-16 | CVE-2019-4762 | IBM | Unspecified vulnerability in IBM MQ IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function. | 7.5 |
2020-04-16 | CVE-2020-3651 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. | 7.5 |
2020-04-16 | CVE-2019-14022 | Qualcomm | Reachable Assertion vulnerability in Qualcomm products Error occurs while extracting the ipv6_header having an invalid length due to lack of length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, MDM9205, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | 7.5 |
2020-04-16 | CVE-2019-14012 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Possibility of null pointer dereference as the array of video codecs from media info is referenced without null checking while processing SDP messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC7180, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150 | 7.5 |
2020-04-15 | CVE-2020-9280 | Silverstripe | Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. | 7.5 |
2020-04-15 | CVE-2020-3273 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS). | 7.5 |
2020-04-15 | CVE-2020-3262 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2020-04-15 | CVE-2020-3249 | Cisco | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 7.5 |
2020-04-15 | CVE-2020-3177 | Cisco | Path Traversal vulnerability in Cisco products A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. | 7.5 |
2020-04-15 | CVE-2020-3162 | Cisco | Improper Input Validation vulnerability in Cisco IOT Field Network Director A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2020-04-15 | CVE-2020-11662 | Broadcom | Unspecified vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information. | 7.5 |
2020-04-15 | CVE-2019-12520 | Squid Cache Canonical Debian | Improper Input Validation vulnerability in multiple products An issue was discovered in Squid through 4.7 and 5. | 7.5 |
2020-04-15 | CVE-2020-10615 | Trianglemicroworks | Out-of-bounds Write vulnerability in Trianglemicroworks Scada Data Gateway Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. | 7.5 |
2020-04-15 | CVE-2020-10613 | Trianglemicroworks | Out-of-bounds Read vulnerability in Trianglemicroworks Scada Data Gateway Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. | 7.5 |
2020-04-15 | CVE-2019-20654 | Netgear | Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.5 |
2020-04-15 | CVE-2020-11792 | Netgear | Improper Certificate Validation vulnerability in Netgear products NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | 7.5 |
2020-04-15 | CVE-2019-20650 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 7.5 |
2020-04-15 | CVE-2019-20649 | Netgear | Unspecified vulnerability in Netgear Mr1100 Firmware 12.05.05.00/12.06.03 NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. | 7.5 |
2020-04-15 | CVE-2019-20643 | Netgear | Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. | 7.5 |
2020-04-15 | CVE-2020-4269 | IBM | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2020-04-15 | CVE-2020-11728 | Davical Debian | Session Fixation vulnerability in multiple products An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60. | 7.5 |
2020-04-15 | CVE-2020-1018 | Microsoft | Information Exposure vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that is in a masked field. The security update addresses the vulnerability by updating the rendering engine of the Windows client to properly detect masked fields and render the content as masked, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'. | 7.5 |
2020-04-15 | CVE-2020-0970 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-04-15 | CVE-2020-0969 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Chakracore and Edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-04-15 | CVE-2020-0968 | Microsoft | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-04-15 | CVE-2020-0895 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. | 7.5 |
2020-04-15 | CVE-2020-2958 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-04-15 | CVE-2020-2911 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-04-15 | CVE-2020-2907 | Oracle Opensuse | Type Confusion vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.5 |
2020-04-15 | CVE-2020-2859 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). | 7.5 |
2020-04-15 | CVE-2020-2828 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). | 7.5 |
2020-04-15 | CVE-2020-2816 | Oracle Netapp Canonical Debian Opensuse | Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). | 7.5 |
2020-04-15 | CVE-2020-2750 | Oracle | Unspecified vulnerability in Oracle General Ledger Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). | 7.5 |
2020-04-15 | CVE-2020-3932 | Draytek | Unspecified vulnerability in Draytek Vigorap 910C Firmware 1.3.1 A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. | 7.5 |
2020-04-15 | CVE-2020-10506 | THE School Manage System Project | Path Traversal vulnerability in the School Manage System Project the School Manage System The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. | 7.5 |
2020-04-14 | CVE-2020-5260 | GIT GIT SCM Debian Canonical Fedoraproject Opensuse | Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. | 7.5 |
2020-04-14 | CVE-2019-19300 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. | 7.5 |
2020-04-14 | CVE-2020-6237 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 7.5 |
2020-04-14 | CVE-2020-6228 | SAP | Improper Validation of Integrity Check Value vulnerability in SAP Business Client 6.5/7.0 SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. | 7.5 |
2020-04-14 | CVE-2020-6227 | SAP | Improper Encoding or Escaping of Output vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files. | 7.5 |
2020-04-14 | CVE-2018-6402 | Ecobee | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ecobee Ecobee4 Firmware 4.2.0.171 Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. | 7.5 |
2020-04-13 | CVE-2020-11738 | Snapcreek | Path Traversal vulnerability in Snapcreek Duplicator The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init. | 7.5 |
2020-04-13 | CVE-2020-11732 | Davidlingren | Unspecified vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. | 7.5 |
2020-04-15 | CVE-2020-2739 | Oracle | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). | 7.4 |
2020-04-16 | CVE-2020-4347 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7 IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment. | 7.3 |
2020-04-15 | CVE-2020-3240 | Cisco | Improper Input Validation vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 7.3 |
2020-04-15 | CVE-2020-2787 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2020-04-15 | CVE-2020-2786 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2020-04-15 | CVE-2020-2785 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2020-04-15 | CVE-2020-2784 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 7.3 |
2020-04-17 | CVE-2020-11885 | Wso2 | Server-Side Request Forgery (SSRF) vulnerability in Wso2 Enterprise Integrator WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. | 7.2 |
2020-04-16 | CVE-2020-7111 | Arubanetworks | Injection vulnerability in Arubanetworks Clearpass A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. | 7.2 |
2020-04-15 | CVE-2019-20659 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
2020-04-15 | CVE-2020-5350 | Dell | OS Command Injection vulnerability in Dell EMC Integrated Data Protection Appliance Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. | 7.2 |
2020-04-15 | CVE-2020-2963 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 7.2 |
2020-04-15 | CVE-2020-2798 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). | 7.2 |
2020-04-15 | CVE-2019-20767 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2020-04-14 | CVE-2020-6236 | SAP | Improper Privilege Management vulnerability in SAP Adaptive Extensions and Landscape Management SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. | 7.2 |
2020-04-14 | CVE-2020-6234 | SAP | Unspecified vulnerability in SAP Host Agent 7.21 SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation. | 7.2 |
2020-04-14 | CVE-2020-6230 | SAP | Unspecified vulnerability in SAP Orientdb 3.0 SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. | 7.2 |
2020-04-16 | CVE-2020-2178 | Jenkins | XXE vulnerability in Jenkins Parasoft Findings Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 7.1 |
2020-04-16 | CVE-2019-14104 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150 | 7.1 |
2020-04-16 | CVE-2019-10625 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150 | 7.1 |
2020-04-16 | CVE-2019-10623 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received. | 7.1 |
2020-04-16 | CVE-2019-10574 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 7.1 |
2020-04-15 | CVE-2020-1002 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | 7.1 |
2020-04-15 | CVE-2020-0942 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'. | 7.1 |
2020-04-15 | CVE-2020-0936 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'. | 7.1 |
2020-04-15 | CVE-2020-2964 | Oracle | Unspecified vulnerability in Oracle Financial Services Data Foundation 8.0.6/8.0.9 Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2945 | Oracle | Unspecified vulnerability in Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management 8.0.7/8.0.8 Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). | 7.1 |
2020-04-15 | CVE-2020-2943 | Oracle | Unspecified vulnerability in Oracle Financial Services Liquidity Risk Measurement and Management 8.0.7.0.0/8.0.8.0.0 Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2942 | Oracle | Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery 8.0.7 Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2941 | Oracle | Unspecified vulnerability in Oracle Financial Services Funds Transfer Pricing 8.0.6/8.0.7 Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2940 | Oracle | Unspecified vulnerability in Oracle Financial Services Profitability Management 8.0.6/8.0.7 Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2939 | Oracle | Unspecified vulnerability in Oracle Financial Services Asset Liability Management 8.0.6/8.0.7 Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2938 | Oracle | Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.6/8.0.7/8.0.8 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2937 | Oracle | Unspecified vulnerability in Oracle Insurance Accounting Analyzer 8.0.6/8.0.9 Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2936 | Oracle | Unspecified vulnerability in Oracle Financial Services Balance Sheet Planning 8.0.8 Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2935 | Oracle | Unspecified vulnerability in Oracle Financial Services Hedge Management and Ifrs Valuations 8.0.6/8.0.7/8.0.8 Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations product of Oracle Financial Services Applications (component: User Interface). | 7.1 |
2020-04-15 | CVE-2020-2891 | Oracle | Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management 8.0.6 Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). | 7.1 |
2020-04-15 | CVE-2020-2793 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 7.1 |
2020-04-15 | CVE-2020-2782 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). | 7.1 |
2020-04-17 | CVE-2020-1751 | GNU Redhat Canonical | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. | 7.0 |
2020-04-16 | CVE-2019-14070 | Qualcomm | Use After Free vulnerability in Qualcomm products Possible use after free issue in pcm volume controls due to a race condition existing in private data used in mixer controls in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | 7.0 |
2020-04-15 | CVE-2020-2914 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.0 |
2020-04-15 | CVE-2020-2913 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 7.0 |
379 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-16 | CVE-2019-11999 | HPE | Cross-site Scripting vulnerability in HPE Opencall Media Platform Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross site scripting. | 6.9 |
2020-04-17 | CVE-2019-20785 | | Use of Uninitialized Resource vulnerability in Google Android 8.0/8.1 An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. | 6.8 |
2020-04-16 | CVE-2019-20766 | Netgear | Out-of-bounds Write vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20765 | Netgear | Out-of-bounds Write vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20764 | Netgear | Out-of-bounds Write vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20763 | Netgear | Out-of-bounds Write vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20762 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20757 | Netgear | Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20755 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20754 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20751 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20748 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20747 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20745 | Netgear | Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20740 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20736 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20735 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20727 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20726 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20725 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20724 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20723 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20722 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20719 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20718 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20716 | Netgear | Out-of-bounds Write vulnerability in Netgear Dgn2200 Firmware and Dgnd2200B Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 6.8 |
2020-04-16 | CVE-2019-20713 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20712 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20689 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-16 | CVE-2019-20688 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-15 | CVE-2020-0918 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. | 6.8 |
2020-04-15 | CVE-2020-0917 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. | 6.8 |
2020-04-14 | CVE-2020-11001 | Torchbox | Unspecified vulnerability in Torchbox Wagtail In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. | 6.8 |
2020-04-13 | CVE-2020-1759 | Redhat Linuxfoundation Fedoraproject | A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat OpenShift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. | 6.8 |
2020-04-17 | CVE-2020-0076 | | Out-of-bounds Write vulnerability in Google Android In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2020-04-16 | CVE-2019-20737 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 6.7 |
2020-04-16 | CVE-2019-20733 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 6.7 |
2020-04-16 | CVE-2019-20732 | Netgear | Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
2020-04-16 | CVE-2019-20731 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.7 |
2020-04-16 | CVE-2019-20728 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.7 |
2020-04-16 | CVE-2019-20700 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 6.7 |
2020-04-16 | CVE-2019-20692 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 6.7 |
2020-04-15 | CVE-2019-20651 | Netgear | Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
2020-04-15 | CVE-2020-6992 | GE | Improper Privilege Management vulnerability in GE Cimplicity A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. | 6.7 |
2020-04-15 | CVE-2020-7276 | Mcafee | Improper Authentication vulnerability in Mcafee Endpoint Security Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool. | 6.7 |
2020-04-17 | CVE-2020-7083 | Autodesk | Integer Overflow or Wraparound vulnerability in Autodesk FBX Software Development KIT An integer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. | 6.5 |
2020-04-17 | CVE-2020-11880 | KDE | Unspecified vulnerability in KDE Kmail An issue was discovered in KDE KMail before 19.12.3. | 6.5 |
2020-04-17 | CVE-2020-11879 | Gnome | Unspecified vulnerability in Gnome Evolution An issue was discovered in GNOME Evolution before 3.35.91. | 6.5 |
2020-04-16 | CVE-2019-20741 | Netgear | Unspecified vulnerability in Netgear Wac510 Firmware 1.3.0.10/5.0.0.17/5.0.5.4 NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. | 6.5 |
2020-04-16 | CVE-2020-11007 | Shopizer | Improper Input Validation vulnerability in Shopizer In Shopizer before version 2.11.0, when using the API or Controller based versions, negative quantity is not adequately validated, hence creating an incorrect shopping cart and order total. | 6.5 |
2020-04-16 | CVE-2019-20717 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 6.5 |
2020-04-16 | CVE-2019-20698 | Netgear | Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 6.5 |
2020-04-15 | CVE-2020-3261 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. | 6.5 |
2020-04-15 | CVE-2020-3260 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. | 6.5 |
2020-04-15 | CVE-2020-3252 | Cisco | Path Traversal vulnerability in Cisco UCS Director and UCS Director Express for BIG Data Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. | 6.5 |
2020-04-15 | CVE-2020-11660 | Broadcom | Unspecified vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information. | 6.5 |
2020-04-15 | CVE-2019-20658 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 6.5 |
2020-04-15 | CVE-2019-20653 | Netgear | Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by denial of service. | 6.5 |
2020-04-15 | CVE-2019-20652 | Netgear | Unspecified vulnerability in Netgear Wac505 Firmware NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information. | 6.5 |
2020-04-15 | CVE-2019-20638 | Netgear | Information Exposure vulnerability in Netgear Mr1100 Firmware 12.05.05.00/12.06.03 NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. | 6.5 |
2020-04-15 | CVE-2020-0576 | Intel | Classic Buffer Overflow vulnerability in Intel Compute Module Mfs2600Ki Firmware Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2020-04-15 | CVE-2020-0558 | Intel | Unspecified vulnerability in Intel Proset/Wireless Wifi Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access. | 6.5 |
2020-04-15 | CVE-2020-0993 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. | 6.5 |
2020-04-15 | CVE-2020-0952 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 6.5 |
2020-04-15 | CVE-2020-2952 | Oracle | Unspecified vulnerability in Oracle Http Server 11.1.1.9.0 Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). | 6.5 |
2020-04-15 | CVE-2020-2951 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-04-15 | CVE-2020-2910 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.5 |
2020-04-15 | CVE-2020-2906 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2 Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Supplier Change). | 6.5 |
2020-04-15 | CVE-2020-2790 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). | 6.5 |
2020-04-15 | CVE-2020-2780 | Oracle Fedoraproject Canonical Netapp Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 6.5 |
2020-04-15 | CVE-2020-2594 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). | 6.5 |
2020-04-15 | CVE-2020-7278 | Mcafee | Missing Authorization vulnerability in Mcafee Endpoint Security Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates. | 6.5 |
2020-04-15 | CVE-2020-10513 | Icatchinc | Incorrect Permission Assignment for Critical Resource vulnerability in Icatchinc DVR Interface The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary files. | 6.5 |
2020-04-14 | CVE-2020-4151 | IBM | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. | 6.5 |
2020-04-13 | CVE-2020-6456 | Google Debian Fedoraproject Opensuse | Incorrect Default Permissions vulnerability in multiple products Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | 6.5 |
2020-04-13 | CVE-2020-6446 | Google Debian Fedoraproject Opensuse | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
2020-04-13 | CVE-2020-6445 | Google Debian Fedoraproject Opensuse | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | 6.5 |
2020-04-17 | CVE-2019-12001 | HPE | Insufficient Session Expiration vulnerability in HPE products A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier. | 6.4 |
2020-04-15 | CVE-2020-2737 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Core RDBMS component of Oracle Database Server. | 6.4 |
2020-04-15 | CVE-2020-4294 | IBM | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). | 6.3 |
2020-04-15 | CVE-2020-4271 | IBM | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. | 6.3 |
2020-04-15 | CVE-2020-2955 | Oracle | Unspecified vulnerability in Oracle Flexcube Core Banking 4.0 Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing). | 6.3 |
2020-04-15 | CVE-2020-2799 | Oracle | Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). | 6.3 |
2020-04-15 | CVE-2020-2795 | Oracle | Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1/8.6.2 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). | 6.3 |
2020-04-15 | CVE-2020-2768 | Oracle Netapp | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). | 6.3 |
2020-04-15 | CVE-2020-7257 | Mcafee | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress. | 6.3 |
2020-04-13 | CVE-2020-6444 | Google Fedoraproject Debian Opensuse | Use of Uninitialized Resource vulnerability in multiple products Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.3 |
2020-04-14 | CVE-2020-6224 | SAP | Information Exposure Through Log Files vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | 6.2 |
2020-04-17 | CVE-2020-11887 | Svg2Png Project | Cross-site Scripting vulnerability in Svg2Png Project Svg2Png 4.1.1 svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document. | 6.1 |
2020-04-17 | CVE-2020-5733 | Openmrs | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 6.1 |
2020-04-17 | CVE-2020-5732 | Openmrs | Open Redirect vulnerability in Openmrs In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. | 6.1 |
2020-04-17 | CVE-2020-5731 | Openmrs | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting. | 6.1 |
2020-04-17 | CVE-2020-5730 | Openmrs | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting. | 6.1 |
2020-04-17 | CVE-2020-5729 | Openmrs | Cross-site Scripting vulnerability in Openmrs In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. | 6.1 |
2020-04-17 | CVE-2020-5728 | Openmrs | Improper Input Validation vulnerability in Openmrs OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). | 6.1 |
2020-04-17 | CVE-2019-4644 | IBM | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 6.1 |
2020-04-16 | CVE-2019-20756 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-16 | CVE-2019-19394 | Northern Tech | Cross-site Scripting vulnerability in Northern.Tech Cfengine 3.12.1/3.12.2/3.7 Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. | 6.1 |
2020-04-15 | CVE-2020-11665 | Broadcom | Open Redirect vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | 6.1 |
2020-04-15 | CVE-2020-11664 | Broadcom | Open Redirect vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | 6.1 |
2020-04-15 | CVE-2020-11663 | Broadcom | Open Redirect vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | 6.1 |
2020-04-15 | CVE-2020-3954 | Vmware | Open Redirect vulnerability in VMWare Vrealize LOG Insight Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | 6.1 |
2020-04-15 | CVE-2020-11791 | Netgear | Cross-site Scripting vulnerability in Netgear Jgs516Pe Firmware 2.6.0.35 NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. | 6.1 |
2020-04-15 | CVE-2020-1050 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Server 9.0 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 6.1 |
2020-04-15 | CVE-2020-2954 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Candidate Gateway 9.2 Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway). | 6.1 |
2020-04-15 | CVE-2020-2920 | Oracle | Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.3/9.3.5/9.3.6 Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). | 6.1 |
2020-04-15 | CVE-2020-2868 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). | 6.1 |
2020-04-15 | CVE-2020-2811 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 6.1 |
2020-04-15 | CVE-2020-2797 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). | 6.1 |
2020-04-15 | CVE-2020-2751 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 6.1 |
2020-04-14 | CVE-2020-7575 | Siemens | Cross-site Scripting vulnerability in Siemens Climatix Pol908 Firmware and Climatix Pol909 Firmware A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). | 6.1 |
2020-04-14 | CVE-2020-7574 | Siemens | Cross-site Scripting vulnerability in Siemens Climatix Pol908 Firmware and Climatix Pol909 Firmware A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). | 6.1 |
2020-04-14 | CVE-2020-6217 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-04-14 | CVE-2020-6215 | SAP | Open Redirect vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | 6.1 |
2020-04-14 | CVE-2020-6211 | SAP | Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | 6.1 |
2020-04-14 | CVE-2020-6229 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-04-14 | CVE-2020-6223 | SAP | Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. | 6.1 |
2020-04-14 | CVE-2020-6216 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2020-04-13 | CVE-2020-11734 | Cybersolutions | Cross-site Scripting vulnerability in Cybersolutions Cybermail 5.0/6.0/7.0 cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter. | 6.1 |
2020-04-13 | CVE-2020-8430 | Stormshield | Open Redirect vulnerability in Stormshield Network Security Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. | 6.1 |
2020-04-13 | CVE-2020-11731 | Davidlingren | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | 6.1 |
2020-04-15 | CVE-2019-20676 | Netgear | Missing Authorization vulnerability in Netgear products Certain NETGEAR devices are affected by lack of access control at the function level. | 6.0 |
2020-04-15 | CVE-2020-2946 | Oracle | Unspecified vulnerability in Oracle Application Performance Management 12.1.0.5/13.2.0.0/13.3.0.0 Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). | 6.0 |
2020-04-15 | CVE-2020-2894 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2020-04-15 | CVE-2020-2743 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2020-04-15 | CVE-2020-2741 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 6.0 |
2020-04-14 | CVE-2020-7958 | Oneplus | Unspecified vulnerability in Oneplus 7 PRO Firmware An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. | 6.0 |
2020-04-15 | CVE-2019-12521 | Squid Cache Canonical Debian Opensuse | Off-by-one Error vulnerability in multiple products An issue was discovered in Squid through 4.7. | 5.9 |
2020-04-15 | CVE-2019-4594 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2020-04-15 | CVE-2020-2932 | Oracle | Unspecified vulnerability in Oracle Knowledge Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). | 5.9 |
2020-04-15 | CVE-2020-2804 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). | 5.9 |
2020-04-15 | CVE-2020-2524 | Oracle | Unspecified vulnerability in Oracle Knowledge Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). | 5.9 |
2020-04-15 | CVE-2019-20647 | Netgear | Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62 NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. | 5.7 |
2020-04-17 | CVE-2019-2056 | | Unspecified vulnerability in Google Android 10.0 There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. | 5.5 |
2020-04-17 | CVE-2020-7084 | Autodesk | NULL Pointer Dereference vulnerability in Autodesk FBX Software Development KIT A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. | 5.5 |
2020-04-17 | CVE-2019-20784 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. | 5.5 |
2020-04-17 | CVE-2019-20779 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 5.5 |
2020-04-17 | CVE-2019-20776 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. | 5.5 |
2020-04-17 | CVE-2019-20775 | | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 9.0 An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software. | 5.5 |
2020-04-17 | CVE-2019-20774 | | Unspecified vulnerability in Google Android An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. | 5.5 |
2020-04-16 | CVE-2020-4338 | IBM | Information Exposure vulnerability in IBM MQ IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. | 5.5 |
2020-04-16 | CVE-2019-14075 | Qualcomm | NULL Pointer Dereference vulnerability in Qualcomm products Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130 | 5.5 |
2020-04-16 | CVE-2019-14007 | Qualcomm | Information Exposure Through Discrepancy vulnerability in Qualcomm products Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 5.5 |
2020-04-16 | CVE-2019-10608 | Qualcomm | Unspecified vulnerability in Qualcomm products Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session that allows user to take control of the REE to stop the secure keypad session and read the keypad input. | 5.5 |
2020-04-16 | CVE-2019-10523 | Qualcomm | Information Exposure vulnerability in Qualcomm products Target specific data is being sent to remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130 | 5.5 |
2020-04-16 | CVE-2019-10483 | Qualcomm | Information Exposure Through Discrepancy vulnerability in Qualcomm products Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 5.5 |
2020-04-15 | CVE-2020-5721 | Mikrotik | Insufficiently Protected Credentials vulnerability in Mikrotik Winbox MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. | 5.5 |
2020-04-15 | CVE-2020-10637 | Eaton | Out-of-bounds Read vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23 Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. | 5.5 |
2020-04-15 | CVE-2020-1016 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-1007 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-1005 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0987 | Microsoft | Out-of-bounds Read vulnerability in Microsoft products An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0982 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0962 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0955 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'. | 5.5 |
2020-04-15 | CVE-2020-0947 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0946 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0945 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0939 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016 An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0937 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0935 | Microsoft | Improper Privilege Management vulnerability in Microsoft Onedrive An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0900 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0899 | Microsoft | Unspecified vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019 An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0821 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0794 | Microsoft | Unspecified vulnerability in Microsoft products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-0699 | Microsoft | Unspecified vulnerability in Microsoft products An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. | 5.5 |
2020-04-15 | CVE-2020-2760 | Oracle Opensuse Fedoraproject Netapp Canonical Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 5.5 |
2020-04-15 | CVE-2020-7273 | Mcafee | Improper Privilege Management vulnerability in Mcafee Endpoint Security Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters. | 5.5 |
2020-04-15 | CVE-2020-7261 | Mcafee | Classic Buffer Overflow vulnerability in Mcafee Endpoint Security Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | 5.5 |
2020-04-14 | CVE-2020-11765 | Openexr Fedoraproject Opensuse Debian Canonical Apple | Off-by-one Error vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11764 | Openexr Fedoraproject Canonical Opensuse Debian Apple | Out-of-bounds Write vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11763 | Openexr Fedoraproject Canonical Opensuse Debian Apple | Out-of-bounds Write vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11762 | Openexr Fedoraproject Canonical Opensuse Debian Apple | Out-of-bounds Write vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11761 | Openexr Fedoraproject Canonical Debian Apple | Out-of-bounds Read vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11760 | Openexr Fedoraproject Canonical Opensuse Debian Apple | Out-of-bounds Read vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11759 | Openexr Fedoraproject Canonical Debian Apple | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11758 | Openexr Fedoraproject Canonical Opensuse Debian Apple | Out-of-bounds Read vulnerability in multiple products An issue was discovered in OpenEXR before 2.4.1. | 5.5 |
2020-04-14 | CVE-2020-11005 | Windowshello Project | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Windowshello Project Windowshello The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. | 5.5 |
2020-04-14 | CVE-2020-8324 | Lenovo | Improper Input Validation vulnerability in Lenovo System Interface Foundation A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | 5.5 |
2020-04-14 | CVE-2020-11723 | Cellebrite | Use of Hard-coded Credentials vulnerability in Cellebrite Ufed Firmware Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. | 5.5 |
2020-04-14 | CVE-2020-11743 | XEN Fedoraproject | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. | 5.5 |
2020-04-14 | CVE-2020-11742 | XEN Fedoraproject | An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. | 5.5 |
2020-04-14 | CVE-2020-11740 | XEN Debian Fedoraproject Opensuse | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. | 5.5 |
2020-04-17 | CVE-2020-5737 | Tenable | Cross-site Scripting vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1 Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. | 5.4 |
2020-04-17 | CVE-2019-4749 | IBM | Cross-site Scripting vulnerability in IBM products IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. | 5.4 |
2020-04-17 | CVE-2019-4446 | IBM | Unspecified vulnerability in IBM products IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to by modifying request parameters. | 5.4 |
2020-04-16 | CVE-2020-5294 | Prestashop | Cross-site Scripting vulnerability in Prestashop Socialfollow PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflected XSS with social networks fields. The problem is fixed in 2.1.0. | 5.4 |
2020-04-16 | CVE-2020-5273 | Prestashop | Cross-site Scripting vulnerability in Prestashop Linklist In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs. | 5.4 |
2020-04-16 | CVE-2020-5266 | Prestashop | Cross-site Scripting vulnerability in Prestashop Link In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field. | 5.4 |
2020-04-16 | CVE-2019-20738 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 5.4 |
2020-04-16 | CVE-2020-11823 | Dolibarr | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6 In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page. | 5.4 |
2020-04-16 | CVE-2020-11814 | Qdpm | Injection vulnerability in Qdpm 9.1 A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites. | 5.4 |
2020-04-16 | CVE-2020-11813 | Rukovoditel | Cross-site Scripting vulnerability in Rukovoditel 2.5.2 In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. | 5.4 |
2020-04-16 | CVE-2019-20693 | Netgear | Incorrect Permission Assignment for Critical Resource vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 5.4 |
2020-04-15 | CVE-2019-19390 | Matrix42 | Cross-site Scripting vulnerability in Matrix42 Workspace Management 9.1.2.2765 The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues. | 5.4 |
2020-04-15 | CVE-2020-4274 | IBM | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. | 5.4 |
2020-04-15 | CVE-2020-4268 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. | 5.4 |
2020-04-15 | CVE-2020-1049 | Microsoft | Cross-site Scripting vulnerability in Microsoft Dynamics 365 Server 9.0 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0978 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0977 | Microsoft | Unspecified vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0976 | Microsoft | Unspecified vulnerability in Microsoft products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0975 | Microsoft | Unspecified vulnerability in Microsoft products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0973 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0972 | Microsoft | Unspecified vulnerability in Microsoft products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0954 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0933 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0930 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0927 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0926 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0925 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0924 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-0923 | Microsoft | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 5.4 |
2020-04-15 | CVE-2020-2747 | Oracle | Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). | 5.4 |
2020-04-15 | CVE-2020-2744 | Oracle | Unspecified vulnerability in Oracle Transportation Management 6.3.7/6.4.2/6.4.3 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Security). | 5.4 |
2020-04-15 | CVE-2020-2706 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). | 5.4 |
2020-04-15 | CVE-2019-19500 | Matrix42 | Cross-site Scripting vulnerability in Matrix42 Workspace Management 9.1.2.2765 Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software. | 5.4 |
2020-04-14 | CVE-2020-6231 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2020-04-14 | CVE-2020-6226 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2020-04-14 | CVE-2020-6222 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2020-04-14 | CVE-2020-6221 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2020-04-14 | CVE-2020-9461 | Octech | Cross-site Scripting vulnerability in Octech Oempro Octech Oempro 4.7 through 4.11 allows stored XSS by an authenticated user. | 5.4 |
2020-04-14 | CVE-2020-9460 | Octech | Cross-site Scripting vulnerability in Octech Oempro Octech Oempro 4.7 through 4.11 allows XSS by an authenticated user. | 5.4 |
2020-04-17 | CVE-2020-11883 | Divante | Information Exposure Through an Error Message vulnerability in Divante Storefront-Api and Vue-Storefront-Api In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names. | 5.3 |
2020-04-15 | CVE-2020-2949 | Oracle | Unspecified vulnerability in Oracle Coherence Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). | 5.3 |
2020-04-15 | CVE-2020-2889 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.3 |
2020-04-15 | CVE-2020-2888 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). | 5.3 |
2020-04-15 | CVE-2020-2887 | Oracle | Unspecified vulnerability in Oracle Customer Interaction History Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). | 5.3 |
2020-04-15 | CVE-2020-2866 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). | 5.3 |
2020-04-15 | CVE-2020-2865 | Oracle | Unspecified vulnerability in Oracle Configurator 12.1/12.2 Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). | 5.3 |
2020-04-15 | CVE-2020-2864 | Oracle | Unspecified vulnerability in Oracle Isupplier Portal Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). | 5.3 |
2020-04-15 | CVE-2020-2830 | Oracle Netapp Debian Fedoraproject Opensuse Mcafee Canonical | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). | 5.3 |
2020-04-15 | CVE-2020-2806 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). | 5.3 |
2020-04-15 | CVE-2020-2783 | Oracle | Unspecified vulnerability in Oracle Outside in Technology 8.5.4 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). | 5.3 |
2020-04-15 | CVE-2020-2781 | Oracle Debian Canonical Opensuse Fedoraproject Mcafee Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). | 5.3 |
2020-04-15 | CVE-2020-2775 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 5.3 |
2020-04-15 | CVE-2020-2766 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 5.3 |
2020-04-15 | CVE-2020-2753 | Oracle | Unspecified vulnerability in Oracle Workflow Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). | 5.3 |
2020-04-15 | CVE-2020-2752 | Oracle Mariadb Fedoraproject Opensuse Netapp | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.3 |
2020-04-15 | CVE-2020-7277 | Mcafee | Unspecified vulnerability in Mcafee Endpoint Security Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | 5.3 |
2020-04-15 | CVE-2020-7275 | Mcafee | Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file. | 5.3 |
2020-04-14 | CVE-2020-6232 | SAP | Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905 SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check. | 5.3 |
2020-04-14 | CVE-2020-7802 | S3India | Incorrect Default Permissions vulnerability in S3India Husky RTU 6049-E70 Firmware 5.0 The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability. | 5.3 |
2020-04-14 | CVE-2020-7801 | Mysyngeryss | Information Exposure vulnerability in Mysyngeryss Husky RTU 6049-E70 Firmware The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. | 5.3 |
2020-04-14 | CVE-2020-10381 | Mbconnectline | SQL Injection vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. | 5.3 |
2020-04-13 | CVE-2020-1730 | Libssh Canonical Netapp Redhat Fedoraproject Oracle | NULL Pointer Dereference vulnerability in multiple products A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. | 5.3 |
2020-04-13 | CVE-2020-8148 | UI | Improper Authentication vulnerability in UI Cloud KEY Gen2 and Cloud KEY Gen2 Plus UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker to change a device hostname by sending a malicious API request. | 5.3 |
2020-04-16 | CVE-2019-20759 | Netgear | Cross-site Scripting vulnerability in Netgear R9000 Firmware NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS. | 5.2 |
2020-04-16 | CVE-2019-20743 | Netgear | Cross-site Scripting vulnerability in Netgear Wac510 Firmware NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | 5.2 |
2020-04-16 | CVE-2019-20742 | Netgear | Cross-site Scripting vulnerability in Netgear Wac510 Firmware NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS. | 5.2 |
2020-04-15 | CVE-2020-2934 | Oracle Fedoraproject Debian | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 5.0 |
2020-04-15 | CVE-2020-2912 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise CS Campus Community 9.2 Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Self-Service). | 5.0 |
2020-04-14 | CVE-2020-6218 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure. | 5.0 |
2020-04-16 | CVE-2020-7113 | Arubanetworks | Unspecified vulnerability in Arubanetworks Clearpass A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. | 4.9 |
2020-04-15 | CVE-2020-2928 | Oracle Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2925 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). | 4.9 |
2020-04-15 | CVE-2020-2924 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2923 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2904 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2903 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). | 4.9 |
2020-04-15 | CVE-2020-2901 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2898 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). | 4.9 |
2020-04-15 | CVE-2020-2897 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2896 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). | 4.9 |
2020-04-15 | CVE-2020-2895 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-04-15 | CVE-2020-2893 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-04-15 | CVE-2020-2892 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2853 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2020-04-15 | CVE-2020-2829 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Management Services). | 4.9 |
2020-04-15 | CVE-2020-2814 | Oracle Netapp Debian Fedoraproject Opensuse Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-04-15 | CVE-2020-2812 | Oracle Netapp Debian Fedoraproject Opensuse Canonical Mariadb | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.9 |
2020-04-15 | CVE-2020-2779 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2020-04-15 | CVE-2020-2774 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2020-04-15 | CVE-2020-2770 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). | 4.9 |
2020-04-15 | CVE-2020-2765 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-04-15 | CVE-2020-2763 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2020-04-15 | CVE-2020-2762 | Oracle Fedoraproject Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-04-15 | CVE-2020-2761 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2020-04-15 | CVE-2020-2759 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |
2020-04-16 | CVE-2019-20752 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-16 | CVE-2019-20750 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-16 | CVE-2019-20749 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-16 | CVE-2019-20746 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 4.8 |
2020-04-16 | CVE-2020-7110 | Arubanetworks | Cross-site Scripting vulnerability in Arubanetworks Clearpass ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. | 4.8 |
2020-04-16 | CVE-2019-20721 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-16 | CVE-2019-20720 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-16 | CVE-2019-20715 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-16 | CVE-2019-20714 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20678 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20677 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20675 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20674 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20673 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20672 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20671 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20670 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20669 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20668 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20667 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20666 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20665 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20664 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20661 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20660 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-5346 | EMC | Cross-site Scripting vulnerability in EMC RSA Authentication Manager RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. | 4.8 |
2020-04-15 | CVE-2020-3953 | Vmware | Improper Input Validation vulnerability in VMWare Vrealize LOG Insight Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | 4.8 |
2020-04-15 | CVE-2020-11787 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20645 | Netgear | Cross-site Scripting vulnerability in Netgear Rax40 Firmware NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20644 | Netgear | Cross-site Scripting vulnerability in Netgear Rax40 Firmware NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-20639 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11786 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11785 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11784 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11783 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11782 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11781 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11780 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11779 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2019-4654 | IBM | Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 4.8 |
2020-04-15 | CVE-2020-2899 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2 Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). | 4.8 |
2020-04-15 | CVE-2020-2800 | Oracle Netapp Debian Fedoraproject Opensuse Canonical | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). | 4.8 |
2020-04-15 | CVE-2020-2767 | Oracle Netapp Debian Canonical Opensuse | Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). | 4.8 |
2020-04-15 | CVE-2020-2553 | Oracle | Unspecified vulnerability in Oracle Knowledge Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). | 4.8 |
2020-04-15 | CVE-2020-11778 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11777 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by Stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11776 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11775 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11774 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11773 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11772 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11771 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11769 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-15 | CVE-2020-11768 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by Stored XSS. | 4.8 |
2020-04-15 | CVE-2020-10951 | Westerndigital | Improper Restriction of Rendered UI Layers or Frames vulnerability in Westerndigital IBI and MY Cloud Home Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | 4.7 |
2020-04-15 | CVE-2020-0568 | Intel | Race Condition vulnerability in Intel Driver & Support Assistant Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. | 4.7 |
2020-04-15 | CVE-2020-2886 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 4.7 |
2020-04-15 | CVE-2020-2875 | Oracle Fedoraproject Debian | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 4.7 |
2020-04-15 | CVE-2020-2862 | Oracle | Unspecified vulnerability in Oracle One-To-One Fulfillment Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). | 4.7 |
2020-04-15 | CVE-2020-2810 | Oracle | Unspecified vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | 4.7 |
2020-04-15 | CVE-2020-2789 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Interface). | 4.7 |
2020-04-15 | CVE-2020-10932 | ARM Fedoraproject Debian | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. | 4.7 |
2020-04-14 | CVE-2020-6214 | SAP | Incorrect Authorization vulnerability in SAP S/4Hana 100 SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. | 4.7 |
2020-04-15 | CVE-2020-0943 | Microsoft | Unspecified vulnerability in Microsoft Your Phone Companion An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android Authentication Bypass Vulnerability'. | 4.6 |
2020-04-15 | CVE-2020-2740 | Oracle | Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). | 4.6 |
2020-04-15 | CVE-2020-2514 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 4.6 |
2020-04-16 | CVE-2019-20744 | Netgear | Unspecified vulnerability in Netgear Wac510 Firmware 1.3.0.10/5.0.0.17/5.0.5.4 NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. | 4.5 |
2020-04-15 | CVE-2019-12522 | Squid Cache | Improper Privilege Management vulnerability in Squid-Cache Squid An issue was discovered in Squid through 4.7. | 4.5 |
2020-04-17 | CVE-2020-0077 | | Out-of-bounds Read vulnerability in Google Android In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2020-04-17 | CVE-2020-0075 | | Out-of-bounds Read vulnerability in Google Android In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2020-04-17 | CVE-2020-0068 | | Integer Overflow or Wraparound vulnerability in Google Android In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. | 4.4 |
2020-04-17 | CVE-2020-0067 | Google Canonical | Out-of-bounds Read vulnerability in multiple products In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
2020-04-16 | CVE-2019-20729 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 4.4 |
2020-04-15 | CVE-2020-2930 | Oracle Fedoraproject Canonical Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 4.4 |
2020-04-15 | CVE-2020-2926 | Oracle Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). | 4.4 |
2020-04-15 | CVE-2020-2921 | Oracle Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). | 4.4 |
2020-04-15 | CVE-2020-7255 | Mcafee | Improper Privilege Management vulnerability in Mcafee Endpoint Security Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface. | 4.4 |
2020-04-14 | CVE-2020-8316 | Lenovo | Unspecified vulnerability in Lenovo Vantage 10.2001.12.0/4.0.49.0 A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. | 4.4 |
2020-04-16 | CVE-2020-2177 | Jenkins | Cleartext Storage of Sensitive Information vulnerability in Jenkins Copr 0.1/0.2/0.3 Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | 4.3 |
2020-04-16 | CVE-2020-4260 | IBM | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes. | 4.3 |
2020-04-15 | CVE-2020-11659 | Broadcom | Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | 4.3 |
2020-04-15 | CVE-2019-20663 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.3 |
2020-04-15 | CVE-2019-20662 | Netgear | Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware Certain NETGEAR devices are affected by stored XSS. | 4.3 |
2020-04-15 | CVE-2019-4593 | IBM | Information Exposure Through an Error Message vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. | 4.3 |
2020-04-15 | CVE-2020-2947 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Absence Management 9.2 Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management). | 4.3 |
2020-04-15 | CVE-2020-2869 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 4.3 |
2020-04-15 | CVE-2020-2745 | Oracle | Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0 Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). | 4.3 |
2020-04-15 | CVE-2020-2738 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE). | 4.3 |
2020-04-15 | CVE-2020-2522 | Oracle | Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). | 4.3 |
2020-04-14 | CVE-2020-6233 | SAP | Missing Authorization vulnerability in SAP products SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system. | 4.3 |
2020-04-13 | CVE-2020-6442 | Google Debian Fedoraproject Opensuse | Exposure of Resource to Wrong Sphere vulnerability in multiple products Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
2020-04-13 | CVE-2020-6441 | Google Debian Fedoraproject Opensuse | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | 4.3 |
2020-04-13 | CVE-2020-6440 | Google Debian Fedoraproject Opensuse | Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension. | 4.3 |
2020-04-13 | CVE-2020-6438 | Google Debian Fedoraproject Opensuse | Information Exposure Through an Error Message vulnerability in multiple products Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. | 4.3 |
2020-04-13 | CVE-2020-6437 | Google Debian Fedoraproject Opensuse | Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application. | 4.3 |
2020-04-13 | CVE-2020-6435 | Google Debian Fedoraproject Opensuse | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2020-04-13 | CVE-2020-6433 | Google Debian Fedoraproject Opensuse | Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2020-04-13 | CVE-2020-6432 | Google Debian Fedoraproject Opensuse | Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 4.3 |
2020-04-13 | CVE-2020-6431 | Google Debian Fedoraproject Opensuse | Incorrect Default Permissions vulnerability in multiple products Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | 4.3 |
2020-04-15 | CVE-2020-2777 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Management 11.1.2.4 Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). | 4.2 |
2020-04-15 | CVE-2020-2772 | Oracle | Unspecified vulnerability in Oracle Human Resources 12.2.6/12.2.7/12.2.9 Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Absence Recording, Maintenance). | 4.1 |