Weekly Vulnerabilities Reports > April 13 to 19, 2020

Overview

871 new vulnerabilities were reported during this period, including 76 critical vulnerabilities and 149 high severity vulnerabilities. This weekly summary reports vulnerabilities in 893 products from 115 vendors including Oracle, Netgear, Microsoft, Fedoraproject, and Opensuse. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Privilege Management", "Out-of-bounds Write", "Information Exposure", and "Improper Input Validation".

  • 613 reported vulnerabilities are remotely exploitable.
  • 190 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 572 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 229 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 23 reported vulnerabilities.

Summary counters (values not captured in this copy): total vulnerabilities; critical, high, medium and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


76 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-17 CVE-2020-0073 Google Out-of-bounds Write vulnerability in Google Android

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2020-04-17 CVE-2020-0072 Google Out-of-bounds Write vulnerability in Google Android

In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2020-04-17 CVE-2020-0071 Google Out-of-bounds Write vulnerability in Google Android

In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2020-04-17 CVE-2020-0070 Google Out-of-bounds Write vulnerability in Google Android

In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2020-04-17 CVE-2019-12002 HPE Unspecified vulnerability in HPE products

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.

10.0
2020-04-16 CVE-2020-11811 Qdpm Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 9.1

In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value.

10.0
2020-04-16 CVE-2019-14134 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

10.0
2020-04-16 CVE-2019-14132 Qualcomm Out-of-bounds Write vulnerability in Qualcomm Qcs605 Firmware, Sa6155P Firmware and Sm8150 Firmware

Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150

10.0
2020-04-16 CVE-2019-14131 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

10.0
2020-04-16 CVE-2019-14127 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

10.0
2020-04-16 CVE-2019-14114 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

10.0
2020-04-16 CVE-2019-14113 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

A buffer overflow can occur in WLAN firmware while unwrapping data using the CCMP cipher suite during parsing of an EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

10.0
2020-04-16 CVE-2019-14112 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

10.0
2020-04-16 CVE-2019-14111 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130

10.0
2020-04-16 CVE-2019-14110 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

A buffer overflow can occur in WLAN firmware while copying association frame content if the frame length is more than the maximum buffer size in SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

10.0
2020-04-16 CVE-2019-10609 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Out of bound write can happen due to lack of check of array index value while calculating it.

10.0
2020-04-16 CVE-2019-10589 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

A missing length check on the response buffer can lead to a buffer overflow during GP command response buffer handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8017, APQ8053, APQ8098, MDM9206, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660

10.0
2020-04-16 CVE-2019-10588 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

RTCP messages are copied into the output buffer without checking the destination buffer size, which could lead to a remote stack overflow.

10.0
2020-04-15 CVE-2020-3248 Cisco Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

10.0
2020-04-15 CVE-2020-3247 Cisco Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

10.0
2020-04-15 CVE-2020-3161 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.

10.0
2020-04-15 CVE-2020-10511 Hgiga OS Command Injection vulnerability in Hgiga Oaklouds Ccm@Il

HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations.

10.0
2020-04-16 CVE-2020-7485 Schneider Electric Unspecified vulnerability in Schneider-Electric Tristation 1131

**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version v4.9.0 and earlier could cause improper access to the TriStation host machine.

9.8
2020-04-16 CVE-2020-1964 Apache Deserialization of Untrusted Data vulnerability in Apache Heron 0.20.0Incubating/0.20.1Incubating/0.20.2Incubating

It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-incubating, and Release v-0.20.0-incubating does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerabilities (CWE-502: Deserialization of Untrusted Data).

9.8
2020-04-15 CVE-2020-2915 Oracle Unspecified vulnerability in Oracle Coherence

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation).

9.8
2020-04-15 CVE-2020-2884 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-04-15 CVE-2020-2883 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-04-15 CVE-2020-2801 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-04-14 CVE-2020-10383 Mbconnectline Unspecified vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0.

9.8
2020-04-16 CVE-2020-3653 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850

9.4
2020-04-16 CVE-2020-3652 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received.

9.4
2020-04-16 CVE-2019-14033 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Multiple read overflow issues due to improper length checks while decoding TAU reject/TAU accept/detach request/attach reject/attach accept in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.4
2020-04-16 CVE-2019-14020 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Multiple read overflow issues due to improper length checks while decoding dedicated_eps_bearer_req/act_def_context_req/cs_serv_notification/emm_info/guti_realloc_cmd in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.4
2020-04-16 CVE-2019-14019 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Multiple read overflow issues due to improper length checks while decoding RAU accept/PDN disconnect reject/modify EPS context request/bearer resource allocation reject/deactivate EPS bearer request in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.4
2020-04-16 CVE-2019-14011 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Multiple read overflow issues due to improper length checks while decoding 3G attach accept/SMS/PDN connection reject/ESM data transport/bearer modify context reject in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.4
2020-04-16 CVE-2019-10610 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.4
2020-04-16 CVE-2019-10551 Qualcomm Unspecified vulnerability in Qualcomm products

String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

9.4
2020-04-17 CVE-2020-0080 Google Improper Privilege Management vulnerability in Google Android 10.0

In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying.

9.3
2020-04-17 CVE-2020-7085 Autodesk Out-of-bounds Write vulnerability in Autodesk FBX Software Development KIT 2019.0/2019.2

A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.

9.3
2020-04-17 CVE-2020-7082 Autodesk Use After Free vulnerability in Autodesk FBX Software Development KIT 2019.0

A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.

9.3
2020-04-17 CVE-2020-7081 Autodesk Type Confusion vulnerability in Autodesk FBX Software Development KIT

A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code read/write on the system running it.

9.3
2020-04-17 CVE-2020-7080 Autodesk Classic Buffer Overflow vulnerability in Autodesk FBX Software Development KIT 2019.0

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.

9.3
2020-04-15 CVE-2020-3194 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system.

9.3
2020-04-15 CVE-2020-1008 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0999 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0995 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0994 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0992 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0991 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0988 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0980 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0979 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0967 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0966 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0964 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0961 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office and Office 365 Proplus

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0960 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0959 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0953 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0950 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

9.3
2020-04-15 CVE-2020-0949 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

9.3
2020-04-15 CVE-2020-0948 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

9.3
2020-04-15 CVE-2020-0907 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0906 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel, Office and Office 365 Proplus

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0889 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-04-15 CVE-2020-0687 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.

9.3
2020-04-14 CVE-2020-6238 SAP XXE vulnerability in SAP Commerce Cloud

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation.

9.3
2020-04-15 CVE-2020-3251 Cisco Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

9.0
2020-04-15 CVE-2020-3239 Cisco Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

9.0
2020-04-15 CVE-2020-5350 Dell OS Command Injection vulnerability in Dell EMC Integrated Data Protection Appliance

Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component.

9.0
2020-04-15 CVE-2020-10512 Hgiga SQL Injection vulnerability in Hgiga Oaklouds Ccm@Il

HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL Injection vulnerability which allows attackers to inject SQL commands through the URL parameter to execute unauthorized commands.

9.0
2020-04-14 CVE-2019-18822 Eleveo Improper Privilege Management vulnerability in Eleveo Call Recording 6.3.1

A privilege escalation vulnerability in ZOOM Call Recording 6.3.1 allows its user account (i.e., the account under which the program runs - by default, the callrec account) to elevate privileges to root by abusing the [email protected].

9.0
2020-04-14 CVE-2020-9004 Wowza Missing Authentication for Critical Function vulnerability in Wowza Streaming Engine

A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality.

9.0
2020-04-14 CVE-2020-5739 Grandstream Code Injection vulnerability in Grandstream products

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface.

9.0
2020-04-14 CVE-2020-5738 Grandstream Link Following vulnerability in Grandstream products

Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.

9.0
2020-04-13 CVE-2020-9478 Rubrik OS Command Injection vulnerability in Rubrik CDM 5.0.0/5.0.4/5.1.0

An issue was discovered in Rubrik 5.0.3-2296.

9.0

149 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-17 CVE-2020-9523 Microfocus Insufficiently Protected Credentials vulnerability in Microfocus Enterprise Developer

Insufficiently protected credentials vulnerability in Micro Focus Enterprise Developer and Enterprise Server, affecting all versions prior to 4.0 Patch Update 16 and version 5.0 Patch Update 6.

8.8
2020-04-17 CVE-2020-11793 Wpewebkit, Webkitgtk, Canonical, Fedoraproject, Opensuse Use After Free vulnerability in multiple products

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

8.8
2020-04-16 CVE-2020-2180 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins Amazon web Services Serverless Application Model 1.2.2

Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

8.8
2020-04-16 CVE-2020-2179 Jenkins Deserialization of Untrusted Data vulnerability in Jenkins Yaml Axis

Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

8.8
2020-04-16 CVE-2020-11825 Dolibarr Cross-Site Request Forgery (CSRF) vulnerability in Dolibarr Erp/Crm 10.0.6

In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks.

8.8
2020-04-15 CVE-2020-0971 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

8.8
2020-04-14 CVE-2020-9384 Subex Authorization Bypass Through User-Controlled Key vulnerability in Subex ROC Partner Settlement 10.5

An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex ROC Partner Settlement 10.5 allows remote authenticated users to achieve account takeover via manipulation of POST parameters.

8.8
2020-04-14 CVE-2020-10382 Mbconnectline Unspecified vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0.

8.8
2020-04-14 CVE-2020-11741 XEN
Fedoraproject
Debian
Opensuse
Missing Initialization of Resource vulnerability in multiple products

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges.

8.8
2020-04-13 CVE-2020-6455 Google
Debian
Fedoraproject
Opensuse
Out-of-bounds Read vulnerability in multiple products

Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6454 Google
Fedoraproject
Debian
Opensuse
Use After Free vulnerability in multiple products

Use after free in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

8.8
2020-04-13 CVE-2020-6452 Google
Fedoraproject
Opensuse
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6451 Google
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6450 Google
Fedoraproject
Opensuse
Use After Free vulnerability in multiple products

Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6448 Google
Fedoraproject
Debian
Opensuse
Use After Free vulnerability in multiple products

Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6447 Google
Debian
Fedoraproject
Opensuse
Out-of-bounds Write vulnerability in multiple products

Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6443 Google
Debian
Fedoraproject
Opensuse
Insufficient Verification of Data Authenticity vulnerability in multiple products

Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6439 Google
Debian
Fedoraproject
Opensuse
Incorrect Default Permissions vulnerability in multiple products

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6436 Google
Fedoraproject
Debian
Opensuse
Use After Free vulnerability in multiple products

Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6434 Google
Fedoraproject
Debian
Opensuse
Use After Free vulnerability in multiple products

Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6430 Google
Fedoraproject
Debian
Opensuse
Type Confusion vulnerability in multiple products

Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-13 CVE-2020-6423 Google
Fedoraproject
Opensuse
Debian
Use After Free vulnerability in multiple products

Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2020-04-15 CVE-2020-3240 Cisco Improper Input Validation vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

8.5
2020-04-14 CVE-2020-7800 Mysyngeryss Improper Check for Unusual or Exceptional Conditions vulnerability in Mysyngeryss Husky RTU 6049-E70 Firmware

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability.

8.5
2020-04-15 CVE-2020-2805 Oracle
Netapp
Debian
Fedoraproject
Opensuse
Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).

8.3
2020-04-15 CVE-2020-2803 Oracle
Netapp
Debian
Fedoraproject
Opensuse
Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries).

8.3
2020-04-17 CVE-2020-0081 Google
Fedoraproject
Double Free vulnerability in multiple products

In finalize of AssetManager.java, there is possible memory corruption due to a double free.

7.8
2020-04-17 CVE-2020-11875 Google Improper Handling of Exceptional Conditions vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software.

7.8
2020-04-16 CVE-2020-3651 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames.

7.8
2020-04-16 CVE-2019-14022 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Error occurs while extracting the ipv6_header having an invalid length due to lack of length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, MDM9205, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130.

7.8
2020-04-16 CVE-2019-14012 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Possibility of null pointer dereference as the array of video codecs from media info is referenced without null checking while processing SDP messages in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, Rennell, SC7180, SC8180X, SDA845, SDM429, SDM439, SDM450, SDM632, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150.

7.8
2020-04-15 CVE-2020-3249 Cisco Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

7.8
2020-04-15 CVE-2020-1632 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition.

7.8
2020-04-15 CVE-2020-1027 Microsoft Out-of-bounds Write vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.8
2020-04-15 CVE-2020-10699 Targetcli FB Project Incorrect Permission Assignment for Critical Resource vulnerability in Targetcli-Fb Project Targetcli-Fb 2.1.50/2.1.51

A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targetclid was world-writable.

7.8
2020-04-15 CVE-2020-7250 Mcafee Link Following vulnerability in Mcafee Endpoint Security

Symbolic link manipulation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows an authenticated local user to potentially gain an escalation of privileges by pointing the link to files which the user would not normally have permission to alter, via carefully creating symbolic links from the ENS log file directory.

7.8
2020-04-15 CVE-2020-7274 Mcafee Improper Privilege Management vulnerability in Mcafee Endpoint Security

Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges).

7.8
2020-04-15 CVE-2020-7259 Mcafee Improper Privilege Management vulnerability in Mcafee Endpoint Security

Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to bypass local security protection via a carefully crafted input file.

7.8
2020-04-14 CVE-2020-11739 XEN
Fedoraproject
Debian
Opensuse
Race Condition vulnerability in multiple products

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths.

7.8
2020-04-15 CVE-2020-0910 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.

7.7
2020-04-15 CVE-2020-0970 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2020-04-15 CVE-2020-0969 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.

7.6
2020-04-15 CVE-2020-0968 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2020-04-15 CVE-2020-0895 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'.

7.6
2020-04-19 CVE-2019-20786 Pion Improper Authentication vulnerability in Pion Dtls

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.

7.5
2020-04-17 CVE-2019-6203 Apple Improper Input Validation vulnerability in Apple Iphone OS

A logic issue was addressed with improved state management.

7.5
2020-04-17 CVE-2020-11878 Jitsi Use of Hard-coded Credentials vulnerability in Jitsi Meet

The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.

7.5
2020-04-17 CVE-2020-11877 Zoom Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption.

7.5
2020-04-17 CVE-2020-11876 Zoom Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.11

airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context.

7.5
2020-04-17 CVE-2020-11873 Google Out-of-bounds Write vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software.

7.5
2020-04-17 CVE-2019-20782 Google Classic Buffer Overflow vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software.

7.5
2020-04-17 CVE-2019-20780 Google Improper Input Validation vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software.

7.5
2020-04-17 CVE-2019-20778 Google Improper Input Validation vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

7.5
2020-04-17 CVE-2019-20777 Google
LG
Unspecified vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

7.5
2020-04-17 CVE-2019-20772 Google Incorrect Authorization vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

7.5
2020-04-17 CVE-2020-10211 Mitel Improper Input Validation vulnerability in Mitel Mivoice Connect and Mivoice Connect Client

A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 could allow an unauthenticated remote attacker to execute arbitrary scripts due to insufficient validation of URL parameters.

7.5
2020-04-16 CVE-2019-20730 Netgear SQL Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by SQL injection.

7.5
2020-04-16 CVE-2020-7224 Aviatrix Unspecified vulnerability in Aviatrix Openvpn

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.

7.5
2020-04-16 CVE-2020-7114 Arubanetworks Missing Authentication for Critical Function vulnerability in Arubanetworks Clearpass

A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' management interface, to make changes to certain databases in ClearPass by crafting HTTP packets.

7.5
2020-04-16 CVE-2020-11820 Rukovoditel SQL Injection vulnerability in Rukovoditel 2.5.2

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entities_id parameter.

7.5
2020-04-16 CVE-2020-11819 Rukovoditel Improper Input Validation vulnerability in Rukovoditel 2.5.2

In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution.

7.5
2020-04-16 CVE-2020-11816 Rukovoditel SQL Injection vulnerability in Rukovoditel 2.5.2

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reports_id (POST) parameter.

7.5
2020-04-16 CVE-2020-11812 Rukovoditel SQL Injection vulnerability in Rukovoditel 2.5.2

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters[0][value] or filters[1][value] parameter.

7.5
2020-04-16 CVE-2019-20699 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

7.5
2020-04-16 CVE-2020-4347 IBM Improper Privilege Management vulnerability in IBM Infosphere Information Server 11.3/11.5/11.7

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subject to attacks based on privilege escalation due to inappropriate file permissions for files used by WebSphere Application Server Network Deployment.

7.5
2020-04-15 CVE-2020-3250 Cisco Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

7.5
2020-04-15 CVE-2020-3243 Cisco Improper Privilege Management vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

7.5
2020-04-15 CVE-2020-11658 Broadcom Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization.

7.5
2020-04-15 CVE-2019-20679 Netgear Improper Input Validation vulnerability in Netgear Mr1100 Firmware 12.05.05.00/12.06.03

NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of access control at the function level.

7.5
2020-04-15 CVE-2019-12519 Squid Cache
Debian
Canonical
Opensuse
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Squid through 4.7.

7.5
2020-04-15 CVE-2020-6996 Trianglemicroworks Out-of-bounds Write vulnerability in Trianglemicroworks Dnp3 Source Code Library

Triangle MicroWorks DNP3 Outstation Libraries: DNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected: 3.16.00 through 3.25.01.

7.5
2020-04-15 CVE-2020-11799 Z Cron Improper Privilege Management vulnerability in Z-Cron 5.6

Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task.

7.5
2020-04-15 CVE-2020-10611 Trianglemicroworks Type Confusion vulnerability in Trianglemicroworks Scada Data Gateway

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition.

7.5
2020-04-15 CVE-2019-12524 Squid Cache
Debian
Canonical
Missing Authentication for Critical Function vulnerability in multiple products

An issue was discovered in Squid through 4.7.

7.5
2020-04-15 CVE-2020-11790 Netgear Improper Input Validation vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers.

7.5
2020-04-15 CVE-2020-11789 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

7.5
2020-04-15 CVE-2020-11729 Davical
Debian
Session Fixation vulnerability in multiple products

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60.

7.5
2020-04-15 CVE-2020-11537 Onlyoffice SQL Injection vulnerability in Onlyoffice Document Server 5.5.0

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0.

7.5
2020-04-15 CVE-2020-11536 Onlyoffice Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0

An issue was discovered in ONLYOFFICE Document Server 5.5.0.

7.5
2020-04-15 CVE-2020-11535 Onlyoffice XML Injection (aka Blind XPath Injection) vulnerability in Onlyoffice Document Server 5.5.0

An issue was discovered in ONLYOFFICE Document Server 5.5.0.

7.5
2020-04-15 CVE-2020-11534 Onlyoffice Improper Input Validation vulnerability in Onlyoffice Document Server 5.5.0

An issue was discovered in ONLYOFFICE Document Server 5.5.0.

7.5
2020-04-15 CVE-2020-1026 Microsoft Incorrect Calculation vulnerability in Microsoft Research Javascript Cryptography Library 1.4

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library's Elliptic Curve Cryptography (ECC) implementation. An attacker could potentially abuse these bugs to learn information about a server's private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid. The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'.

7.5
2020-04-15 CVE-2020-2961 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2.0.0/13.3.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)).

7.5
2020-04-15 CVE-2020-2953 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 18.0

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions).

7.5
2020-04-15 CVE-2020-2950 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).

7.5
2020-04-15 CVE-2020-2931 Oracle Unspecified vulnerability in Oracle Knowledge

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter).

7.5
2020-04-15 CVE-2020-2828 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services).

7.5
2020-04-15 CVE-2020-2791 Oracle Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1/8.6.2

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console).

7.5
2020-04-15 CVE-2020-2784 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.5
2020-04-15 CVE-2020-2733 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools 9.2

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics).

7.5
2020-04-15 CVE-2020-10507 THE School Manage System Project Unrestricted Upload of File with Dangerous Type vulnerability in the School Manage System Project the School Manage System

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains an Unrestricted File Upload (RCE) vulnerability that would allow attackers to gain access to the hosting machine.

7.5
2020-04-15 CVE-2020-10505 THE School Manage System Project SQL Injection vulnerability in the School Manage System Project the School Manage System

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a SQL Injection vulnerability; an attacker can use a union-based injection query string to obtain the database schema and username/password.

7.5
2020-04-14 CVE-2020-5260 GIT
GIT SCM
Debian
Canonical
Fedoraproject
Opensuse
Insufficiently Protected Credentials vulnerability in multiple products

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.

7.5
2020-04-14 CVE-2019-19300 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl.

7.5
2020-04-14 CVE-2019-16879 Mysyngeryss Missing Authentication for Critical Function vulnerability in Mysyngeryss Husky RTU 6049-E70 Firmware

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability.

7.5
2020-04-13 CVE-2020-11738 Snapcreek Path Traversal vulnerability in Snapcreek Duplicator

The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.

7.5
2020-04-13 CVE-2020-11673 Total Soft Improper Authentication vulnerability in Total-Soft Responsive Poll

An issue was discovered in the Responsive Poll through 1.3.4 for Wordpress.

7.5
2020-04-13 CVE-2020-11732 Davidlingren Unspecified vulnerability in Davidlingren Media Library Assistant

The Media Library Assistant plugin before 2.82 for Wordpress suffers from a Local File Inclusion vulnerability in mla_gallery link=download.

7.5
2020-04-15 CVE-2020-0918 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'.

7.4
2020-04-15 CVE-2020-0917 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'.

7.4
2020-04-15 CVE-2020-2787 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.3
2020-04-15 CVE-2020-2786 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.3
2020-04-15 CVE-2020-2785 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

7.3
2020-04-17 CVE-2020-0082 Google Deserialization of Untrusted Data vulnerability in Google Android 10.0

In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization.

7.2
2020-04-17 CVE-2019-20773 Google Injection vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

7.2
2020-04-16 CVE-2019-14135 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages.

7.2
2020-04-16 CVE-2019-14122 Qualcomm Improper Handling of Exceptional Conditions vulnerability in Qualcomm products

Memory failure in SKB if it fails to add the requested padding to the skb in low-memory targets or targets with major memory fragmentation in Snapdragon Auto, Snapdragon Mobile in Saipan, SM8150, SM8250, SXR2130.

7.2
2020-04-16 CVE-2019-14116 Qualcomm Missing Authorization vulnerability in Qualcomm Ipq6018 Firmware

Privilege escalation by using an altered debug policy image can occur as the XPU protecting the debug policy regions is disabled during the crash dump boot flow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018.

7.2
2020-04-16 CVE-2019-14105 Qualcomm Out-of-bounds Write vulnerability in Qualcomm Sda845 Firmware, Sdm845 Firmware and Sm8150 Firmware

Kernel was reading the CSL-defined reserved field as uint16 instead of uint32, which could lead to memory overflow in Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SM8150.

7.2
2020-04-16 CVE-2019-14021 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payload size received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130.

7.2
2020-04-16 CVE-2019-14018 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Possible out-of-bound array access as there is no check on the carrier index passed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130.

7.2
2020-04-16 CVE-2019-14009 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, MDM9150, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDM850, SXR2130

7.2
2020-04-16 CVE-2019-10575 Qualcomm Improper Verification of Cryptographic Signature vulnerability in Qualcomm Sda845 Firmware, Sdm845 Firmware and Sdm850 Firmware

A WLAN binary that is not signed with the OEM's RoT runs on a secure device without an authentication failure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in SDA845, SDM845, SDM850

7.2
2020-04-15 CVE-2020-8948 Sierrawireless Improper Privilege Management vulnerability in Sierrawireless Mobile Broadband Driver Package

The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links.

7.2
2020-04-15 CVE-2020-1094 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1029 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1017 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1015 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1014 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges, aka 'Microsoft Windows Update Client Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1011 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1009 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1006 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1004 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1003 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1001 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-1000 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0996 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0985 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0983 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0958 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0957 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 7 and Windows Server 2008

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0956 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0940 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0913 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0888 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0835 Microsoft Improper Privilege Management vulnerability in Microsoft Windows Defender

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-0784 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

7.2
2020-04-15 CVE-2020-2963 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

7.2
2020-04-15 CVE-2020-2944 Oracle Classic Buffer Overflow vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment).

7.2
2020-04-15 CVE-2020-2798 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services).

7.2
2020-04-14 CVE-2020-8327 Lenovo Improper Privilege Management vulnerability in Lenovo Vantage 10.2001.12.0

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

7.2
2020-04-14 CVE-2020-8319 Lenovo Improper Privilege Management vulnerability in Lenovo System Interface Foundation 1.0.66.0/1.1.18.3

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.

7.2
2020-04-14 CVE-2020-8318 Lenovo Improper Privilege Management vulnerability in Lenovo System Interface Foundation

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.

7.2
2020-04-14 CVE-2019-14326 Andyroid Incorrect Default Permissions vulnerability in Andyroid Andy OS 46.11.113

An issue was discovered in AndyOS Andy versions up to 46.11.113.

7.2
2020-04-14 CVE-2020-10384 Mbconnectline Improper Privilege Management vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1.

7.2
2020-04-13 CVE-2020-10642 Rockwellautomation Incorrect Permission Assignment for Critical Resource vulnerability in Rockwellautomation Rslinx Classic 4.11.00

In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic.

7.2
2020-04-17 CVE-2019-12001 HPE Insufficient Session Expiration vulnerability in HPE products

A remote session reuse vulnerability leading to access restriction bypass was discovered in HPE MSA 2040 SAN Storage; HPE MSA 1040 SAN Storage; HPE MSA 1050 SAN Storage; HPE MSA 2042 SAN Storage; HPE MSA 2050 SAN Storage; HPE MSA 2052 SAN Storage version(s): GL225P001 and earlier; GL225P001 and earlier; VE270R001-01 and earlier; GL225P001 and earlier; VL270R001-01 and earlier; VL270R001-01 and earlier.

7.1
2020-04-16 CVE-2020-2178 Jenkins XXE vulnerability in Jenkins Parasoft Findings

Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

7.1
2020-04-17 CVE-2020-1751 GNU, Redhat, Canonical Out-of-bounds Write vulnerability in multiple products

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC.

7.0

482 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-16 CVE-2019-14070 Qualcomm Use After Free vulnerability in Qualcomm products

Possible use after free issue in pcm volume controls due to race condition exist in private data used in mixer controls in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

6.9
2020-04-16 CVE-2020-11818 Rukovoditel Cross-Site Request Forgery (CSRF) vulnerability in Rukovoditel 2.5.2

Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF attacks.

6.8
2020-04-16 CVE-2020-11815 Rukovoditel Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2

In Rukovoditel 2.5.2, attackers can upload an arbitrary file to the server by just changing the content-type value.

6.8
2020-04-16 CVE-2019-20691 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-04-15 CVE-2020-10639 Eaton Classic Buffer Overflow vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23

Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), version 3.00.23 and prior, is affected; the HMIVU runtimes are not impacted by these issues.

6.8
2020-04-15 CVE-2020-1020 Microsoft Out-of-bounds Write vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'.

6.8
2020-04-15 CVE-2020-0993 Microsoft Resource Exhaustion vulnerability in Microsoft products

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'.

6.8
2020-04-15 CVE-2020-0938 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'.

6.8
2020-04-15 CVE-2020-0760 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'.

6.8
2020-04-15 CVE-2020-2782 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).

6.8
2020-04-14 CVE-2019-10939 Siemens Improper Input Validation vulnerability in Siemens products

A vulnerability has been identified in TIM 3V-IE (incl.

6.8
2020-04-14 CVE-2019-11480 Canonical Insufficient Verification of Data Authenticity vulnerability in Canonical C-Kernel

The pc-kernel snap build process hardcoded the --allow-insecure-repositories and --allow-unauthenticated apt options when creating the build chroot environment.

6.8
2020-04-13 CVE-2020-10646 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server 4.0.3.0

Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow.

6.8
2020-04-13 CVE-2020-1759 Redhat, Linuxfoundation, Fedoraproject Reusing a Nonce, Key Pair in Encryption vulnerability in multiple products

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where a nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session.

6.8
2020-04-15 CVE-2020-7276 Mcafee Improper Authentication vulnerability in Mcafee Endpoint Security

Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool.

6.7
2020-04-16 CVE-2019-14104 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Slab-out-of-bounds access can occur if the context pointer is invalid due to lack of null check on pointer before accessing it in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, SC8180X, SDX55, SM8150

6.6
2020-04-15 CVE-2020-1002 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

6.6
2020-04-17 CVE-2020-11885 Wso2 XXE vulnerability in Wso2 Enterprise Integrator

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.

6.5
2020-04-17 CVE-2020-10947 Sophos Improper Privilege Management vulnerability in Sophos products

Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.

6.5
2020-04-16 CVE-2020-7111 Arubanetworks Injection vulnerability in Arubanetworks Clearpass

A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass.

6.5
2020-04-15 CVE-2020-11666 Broadcom Improper Privilege Management vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows malicious users to elevate privileges.

6.5
2020-04-15 CVE-2019-20681 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

6.5
2020-04-15 CVE-2019-20659 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.5
2020-04-15 CVE-2019-20657 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

6.5
2020-04-15 CVE-2020-4294 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF).

6.5
2020-04-15 CVE-2020-4272 IBM Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files.

6.5
2020-04-15 CVE-2020-4271 IBM Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user.

6.5
2020-04-15 CVE-2020-0974 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

6.5
2020-04-15 CVE-2020-0932 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

6.5
2020-04-15 CVE-2020-0931 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

6.5
2020-04-15 CVE-2020-0929 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

6.5
2020-04-15 CVE-2020-0920 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

6.5
2020-04-15 CVE-2020-2955 Oracle Unspecified vulnerability in Oracle Flexcube Core Banking 4.0

Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing).

6.5
2020-04-15 CVE-2020-2946 Oracle Unspecified vulnerability in Oracle Application Performance Management 12.1.0.5/13.2.0.0/13.3.0.0

Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring).

6.5
2020-04-15 CVE-2020-2780 Oracle, Fedoraproject, Canonical, Netapp, Mariadb

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

6.5
2020-04-15 CVE-2020-11770 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.5
2020-04-15 CVE-2019-2880 Oracle Unspecified vulnerability in Oracle Retail Store Inventory Management 16.0

Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security).

6.5
2020-04-15 CVE-2019-20767 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.5
2020-04-15 CVE-2020-7278 Mcafee Missing Authorization vulnerability in Mcafee Endpoint Security

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules not being handled correctly when updating to the February 2020 updates.

6.5
2020-04-15 CVE-2020-10514 Icatchinc Command Injection vulnerability in Icatchinc DVR Firmware

iCatch DVR firmware before 20200103 does not validate function parameters properly, allowing attackers to execute arbitrary commands.

6.5
2020-04-14 CVE-2020-6225 SAP Path Traversal vulnerability in SAP products

SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal.

6.5
2020-04-14 CVE-2020-6236 SAP Improper Privilege Management vulnerability in SAP Adaptive Extensions and Landscape Management

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely.

6.5
2020-04-14 CVE-2020-6234 SAP Unspecified vulnerability in SAP Host Agent 7.21

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

6.5
2020-04-14 CVE-2020-6230 SAP Code Injection vulnerability in SAP Orientdb 3.0

SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection.

6.5
2020-04-14 CVE-2020-6219 SAP Deserialization of Untrusted Data vulnerability in SAP products

SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.

6.5
2020-04-14 CVE-2020-6214 SAP Incorrect Authorization vulnerability in SAP S/4Hana 100

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports.

6.5
2020-04-13 CVE-2020-6456 Google, Debian, Fedoraproject, Opensuse Incorrect Default Permissions vulnerability in multiple products

Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents.

6.5
2020-04-13 CVE-2020-6446 Google, Debian, Fedoraproject, Opensuse Incorrect Default Permissions vulnerability in multiple products

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5
2020-04-13 CVE-2020-6445 Google, Debian, Fedoraproject, Opensuse Incorrect Default Permissions vulnerability in multiple products

Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page.

6.5
2020-04-19 CVE-2020-11895 Libming Out-of-bounds Read vulnerability in Libming 0.4.8

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.

6.4
2020-04-19 CVE-2020-11894 Libming Out-of-bounds Read vulnerability in Libming 0.4.8

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

6.4
2020-04-17 CVE-2020-11880 KDE Unspecified vulnerability in KDE Kmail

An issue was discovered in KDE KMail before 19.12.3.

6.4
2020-04-17 CVE-2019-20783 Google Improper Authentication vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software.

6.4
2020-04-15 CVE-2020-2952 Oracle Unspecified vulnerability in Oracle Http Server 11.1.1.9.0

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener).

6.4
2020-04-15 CVE-2020-2867 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

6.4
2020-04-15 CVE-2020-7257 Mcafee Improper Privilege Management vulnerability in Mcafee Endpoint Security

Privilege escalation vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to cause the deletion and creation of files they would not normally have permission to through altering the target of symbolic links whilst an anti-virus scan was in progress.

6.3
2020-04-13 CVE-2020-6444 Google, Fedoraproject, Debian, Opensuse Use of Uninitialized Resource vulnerability in multiple products

Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.3
2020-04-14 CVE-2020-6217 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2020-04-14 CVE-2020-6215 SAP Open Redirect vulnerability in SAP Netweaver AS Abap Business Server Pages

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

6.1
2020-04-13 CVE-2020-11731 Davidlingren Cross-site Scripting vulnerability in Davidlingren Media Library Assistant

The Media Library Assistant plugin before 2.82 for Wordpress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript.

6.1
2020-04-15 CVE-2020-1022 Microsoft Injection vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

6.0
2020-04-15 CVE-2020-2894 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.0
2020-04-15 CVE-2020-2795 Oracle Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1/8.6.2

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console).

6.0
2020-04-15 CVE-2020-2594 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager).

6.0
2020-04-15 CVE-2020-2804 Oracle, Fedoraproject, Canonical, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached).

5.9
2020-04-17 CVE-2020-5733 Openmrs Open Redirect vulnerability in Openmrs

In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it.

5.8
2020-04-17 CVE-2020-5732 Openmrs Open Redirect vulnerability in Openmrs

In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it.

5.8
2020-04-16 CVE-2019-20760 Netgear Unspecified vulnerability in Netgear R9000 Firmware

NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass.

5.8
2020-04-16 CVE-2019-20753 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20739 Netgear Classic Buffer Overflow vulnerability in Netgear R8500 Firmware

NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20734 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2020-11814 Qdpm Injection vulnerability in Qdpm 9.1

A Host Header Injection vulnerability in qdPM 9.1 may allow an attacker to spoof a particular header and redirect users to malicious websites.

5.8
2020-04-16 CVE-2019-20697 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20690 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-16 CVE-2019-20686 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20685 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20684 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20683 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-16 CVE-2019-20682 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-15 CVE-2020-11665 Broadcom Open Redirect vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

5.8
2020-04-15 CVE-2020-11664 Broadcom Open Redirect vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

5.8
2020-04-15 CVE-2020-11663 Broadcom Open Redirect vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.

5.8
2020-04-15 CVE-2020-3954 Vmware Open Redirect vulnerability in VMWare Vrealize LOG Insight

Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

5.8
2020-04-15 CVE-2020-11788 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-04-15 CVE-2019-20641 Netgear Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62

NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.

5.8
2020-04-15 CVE-2019-20640 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.8
2020-04-15 CVE-2020-0578 Intel Improper Privilege Management vulnerability in Intel Compute Module Mfs2600Ki Firmware

Improper conditions check for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

5.8
2020-04-15 CVE-2020-0577 Intel Improper Privilege Management vulnerability in Intel Compute Module Mfs2600Ki Firmware

Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

5.8
2020-04-15 CVE-2019-4654 IBM, Linux Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.

5.8
2020-04-15 CVE-2020-2954 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Candidate Gateway 9.2

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway).

5.8
2020-04-15 CVE-2020-2920 Oracle Unspecified vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.3/9.3.5/9.3.6

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security).

5.8
2020-04-15 CVE-2020-2890 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics).

5.8
2020-04-15 CVE-2020-2885 Oracle Unspecified vulnerability in Oracle Document Management and Collaboration

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments).

5.8
2020-04-15 CVE-2020-2881 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.8
2020-04-15 CVE-2020-2880 Oracle Unspecified vulnerability in Oracle Learning Management

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: OTA Training Activities).

5.8
2020-04-15 CVE-2020-2879 Oracle Unspecified vulnerability in Oracle Scripting

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous).

5.8
2020-04-15 CVE-2020-2878 Oracle Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Mail).

5.8
2020-04-15 CVE-2020-2877 Oracle Unspecified vulnerability in Oracle Partner Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup).

5.8
2020-04-15 CVE-2020-2876 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2874 Oracle Unspecified vulnerability in Oracle Email Center 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Customer Search).

5.8
2020-04-15 CVE-2020-2873 Oracle Unspecified vulnerability in Oracle Customer Interaction History

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).

5.8
2020-04-15 CVE-2020-2872 Oracle Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile).

5.8
2020-04-15 CVE-2020-2871 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

5.8
2020-04-15 CVE-2020-2870 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-04-15 CVE-2020-2868 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework).

5.8
2020-04-15 CVE-2020-2861 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2860 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2858 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2857 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

5.8
2020-04-15 CVE-2020-2856 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

5.8
2020-04-15 CVE-2020-2855 Oracle Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Admin).

5.8
2020-04-15 CVE-2020-2854 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

5.8
2020-04-15 CVE-2020-2852 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Calendar).

5.8
2020-04-15 CVE-2020-2850 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2849 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2848 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2847 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2846 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2845 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2844 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2843 Oracle Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile).

5.8
2020-04-15 CVE-2020-2842 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

5.8
2020-04-15 CVE-2020-2841 Oracle Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin).

5.8
2020-04-15 CVE-2020-2840 Oracle Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups).

5.8
2020-04-15 CVE-2020-2839 Oracle Unspecified vulnerability in Oracle Service Intelligence 12.1.1/12.1.3

Vulnerability in the Oracle Service Intelligence product of Oracle E-Business Suite (component: Internal Operations- Search).

5.8
2020-04-15 CVE-2020-2837 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2836 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2835 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2834 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2833 Oracle Unspecified vulnerability in Oracle Quoting 12.1.1/12.1.3

Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware).

5.8
2020-04-15 CVE-2020-2832 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-04-15 CVE-2020-2831 Oracle Unspecified vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

5.8
2020-04-15 CVE-2020-2827 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-04-15 CVE-2020-2826 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-04-15 CVE-2020-2825 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-04-15 CVE-2020-2824 Oracle Unspecified vulnerability in Oracle One-To-One Fulfillment 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

5.8
2020-04-15 CVE-2020-2823 Oracle Unspecified vulnerability in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes).

5.8
2020-04-15 CVE-2020-2822 Oracle Unspecified vulnerability in Oracle Trade Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claims).

5.8
2020-04-15 CVE-2020-2821 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Budget).

5.8
2020-04-15 CVE-2020-2820 Oracle Unspecified vulnerability in Oracle Common Applications Calendar

Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes).

5.8
2020-04-15 CVE-2020-2819 Oracle Unspecified vulnerability in Oracle Universal Work Queue 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration).

5.8
2020-04-15 CVE-2020-2818 Oracle Unspecified vulnerability in Oracle Universal Work Queue 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration).

5.8
2020-04-15 CVE-2020-2817 Oracle Unspecified vulnerability in Oracle Scripting 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous).

5.8
2020-04-15 CVE-2020-2815 Oracle Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile).

5.8
2020-04-15 CVE-2020-2813 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: KB Search).

5.8
2020-04-15 CVE-2020-2811 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

5.8
2020-04-15 CVE-2020-2809 Oracle Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups).

5.8
2020-04-15 CVE-2020-2808 Oracle Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups).

5.8
2020-04-15 CVE-2020-2807 Oracle Unspecified vulnerability in Oracle Marketing Encyclopedia System 12.1.1/12.1.3

Vulnerability in the Oracle Marketing Encyclopedia System product of Oracle E-Business Suite (component: Administration).

5.8
2020-04-15 CVE-2020-2797 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler).

5.8
2020-04-15 CVE-2020-2796 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

5.8
2020-04-15 CVE-2020-2794 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Email Address list and Message Display).

5.8
2020-04-15 CVE-2020-2751 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.8
2020-04-15 CVE-2020-2706 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager).

5.8
2020-04-15 CVE-2020-2553 Oracle Unspecified vulnerability in Oracle Knowledge

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console).

5.8
2020-04-14 CVE-2020-11003 Fraction Cross-Site Request Forgery (CSRF) vulnerability in Fraction Oasis

Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability.

5.8
2020-04-14 CVE-2020-6211 SAP Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

5.8
2020-04-14 CVE-2020-6223 SAP Open Redirect vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content.

5.8
2020-04-13 CVE-2019-13916 Cypress Out-of-bounds Write vulnerability in Cypress Wiced Studio 6.2

An issue was discovered in Cypress (formerly Broadcom) WICED Studio 6.2 CYW20735B1 and CYW20819A1.

5.8
2020-04-13 CVE-2020-8430 Stormshield Open Redirect vulnerability in Stormshield Network Security

Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal.

5.8
2020-04-17 CVE-2020-11886 Opennms SQL Injection vulnerability in Opennms Horizon and Meridian

OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList.htm (aka the NodeListController) via snmpParm or snmpParmValue to addCriteriaForSnmpParm.

5.5
2020-04-17 CVE-2019-4446 IBM Missing Authorization vulnerability in IBM products

IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to by modifying request parameters.

5.5
2020-04-15 CVE-2020-11661 Broadcom Improper Privilege Management vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view and edit user data.

5.5
2020-04-15 CVE-2020-4274 IBM Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks.

5.5
2020-04-15 CVE-2020-2964 Oracle Unspecified vulnerability in Oracle Financial Services Data Foundation 8.0.6/8.0.9

Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2956 Oracle Unspecified vulnerability in Oracle Human Resources

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers).

5.5
2020-04-15 CVE-2020-2945 Oracle Unspecified vulnerability in Oracle Financial Services Deposit Insurance Calculations FOR Liquidity Risk Management 8.0.7/8.0.8

Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces).

5.5
2020-04-15 CVE-2020-2943 Oracle Unspecified vulnerability in Oracle Financial Services Liquidity Risk Measurement and Management 8.0.7.0.0/8.0.8.0.0

Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2942 Oracle Unspecified vulnerability in Oracle Financial Services Price Creation and Discovery 8.0.7

Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2941 Oracle Unspecified vulnerability in Oracle Financial Services Funds Transfer Pricing 8.0.6/8.0.7

Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2940 Oracle Unspecified vulnerability in Oracle Financial Services Profitability Management 8.0.6/8.0.7

Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2939 Oracle Unspecified vulnerability in Oracle Financial Services Asset Liability Management 8.0.6/8.0.7

Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2938 Oracle Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.6/8.0.8

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2937 Oracle Unspecified vulnerability in Oracle Insurance Accounting Analyzer 8.0.6/8.0.9

Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2936 Oracle Unspecified vulnerability in Oracle Financial Services Balance Sheet Planning 8.0.8

Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2935 Oracle Unspecified vulnerability in Oracle Financial Services Hedge Management and Ifrs Valuations 8.0.6/8.0.8

Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations product of Oracle Financial Services Applications (component: User Interface).

5.5
2020-04-15 CVE-2020-2891 Oracle Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management 8.0.6

Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces).

5.5
2020-04-15 CVE-2020-2882 Oracle Unspecified vulnerability in Oracle Human Resources

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers).

5.5
2020-04-15 CVE-2020-2863 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

5.5
2020-04-15 CVE-2020-2793 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

5.5
2020-04-15 CVE-2020-2760 Oracle, Opensuse, Fedoraproject, Netapp, Canonical, Mariadb

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

5.5
2020-04-15 CVE-2020-2746 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications.

5.5
2020-04-15 CVE-2020-7273 Mcafee Improper Privilege Management vulnerability in Mcafee Endpoint Security

Accessing functionality not properly constrained by ACLs vulnerability in the autorun start-up protection in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to delete or rename programs in the autorun key via manipulation of some parameters.

5.5
2020-04-15 CVE-2020-7261 Mcafee Classic Buffer Overflow vulnerability in Mcafee Endpoint Security

Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.

5.5
2020-04-14 CVE-2020-11765 Openexr, Fedoraproject, Opensuse, Debian, Canonical, Apple Off-by-one Error vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11764 Openexr, Fedoraproject, Canonical, Opensuse, Debian, Apple Out-of-bounds Write vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11763 Openexr, Fedoraproject, Canonical, Opensuse, Debian, Apple Out-of-bounds Write vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11762 Openexr, Fedoraproject, Canonical, Opensuse, Debian, Apple Out-of-bounds Write vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11761 Openexr, Fedoraproject, Canonical, Debian, Apple Out-of-bounds Read vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11760 Openexr, Fedoraproject, Canonical, Opensuse, Debian, Apple Out-of-bounds Read vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11759 Openexr, Fedoraproject, Canonical, Debian, Apple Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11758 Openexr, Fedoraproject, Canonical, Opensuse, Debian, Apple Out-of-bounds Read vulnerability in multiple products

An issue was discovered in OpenEXR before 2.4.1.

5.5
2020-04-14 CVE-2020-11743 XEN, Fedoraproject Improper Handling of Exceptional Conditions vulnerability in multiple products

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant.

5.5
2020-04-14 CVE-2020-11742 XEN, Fedoraproject

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy.

5.5
2020-04-14 CVE-2020-11740 XEN, Debian, Fedoraproject, Opensuse Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests.

5.5
2020-04-16 CVE-2020-11823 Dolibarr Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.6

In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored XSS vulnerability on the admin tools --> audit page.

5.4
2020-04-15 CVE-2020-2830 Oracle, Netapp, Debian, Fedoraproject, Opensuse, Mcafee, Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency).

5.3
2020-04-15 CVE-2020-2783 Oracle Unspecified vulnerability in Oracle Outside in Technology 8.5.4

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters).

5.3
2020-04-15 CVE-2020-2781 Oracle, Debian, Canonical, Opensuse, Fedoraproject, Mcafee, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE).

5.3
2020-04-15 CVE-2020-2752 Oracle, Mariadb, Fedoraproject, Opensuse, Netapp

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

5.3
2020-04-15 CVE-2020-7277 Mcafee Unspecified vulnerability in Mcafee Endpoint Security

Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered.

5.3
2020-04-15 CVE-2020-7275 Mcafee Unquoted Search Path or Element vulnerability in Mcafee Endpoint Security

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security (ENS) for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file.

5.3
2020-04-14 CVE-2020-10381 Mbconnectline SQL Injection vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0.

5.3
2020-04-13 CVE-2020-1730 Libssh, Canonical, Netapp, Redhat, Fedoraproject, Oracle NULL Pointer Dereference vulnerability in multiple products

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers.

5.3
2020-04-16 CVE-2019-20766 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20765 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20764 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20763 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20762 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20761 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20758 Netgear Classic Buffer Overflow vulnerability in Netgear R7000 Firmware

NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20757 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20755 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20754 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20751 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20748 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20747 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20745 Netgear OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20740 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20736 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20735 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20727 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20726 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20725 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20724 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20723 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20722 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20719 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20718 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20716 Netgear Out-of-bounds Write vulnerability in Netgear Dgn2200 Firmware and Dgnd2200B Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

5.2
2020-04-16 CVE-2019-20713 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20712 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

5.2
2020-04-16 CVE-2019-20711 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20710 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20709 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20708 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20707 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20706 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20705 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20704 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20703 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20702 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20701 Netgear OS Command Injection vulnerability in Netgear D3600 Firmware, D6000 Firmware and Xr500 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20689 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-16 CVE-2019-20688 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-15 CVE-2019-20680 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-04-15 CVE-2019-20642 Netgear Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62

NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.

5.2
2020-04-17 CVE-2020-11883 Divante Information Exposure vulnerability in Divante Storefront-Api and Vue-Storefront-Api

In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names.

5.0
2020-04-17 CVE-2020-4277 IBM Information Exposure vulnerability in IBM Tririga Application Platform 3.5.3/3.6.1.0

IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive information in error messages that could aid an attacker in formulating future attacks.

5.0
2020-04-17 CVE-2020-11874 Google Unspecified vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software.

5.0
2020-04-17 CVE-2019-20771 Google Improper Authentication vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

5.0
2020-04-17 CVE-2020-10813 Ftpdmin Project Classic Buffer Overflow vulnerability in Ftpdmin Project Ftpdmin 0.96

A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted packet.

5.0
2020-04-17 CVE-2020-10377 Mitel Inadequate Encryption Strength vulnerability in Mitel Mivoice Connect and Mivoice Connect Client

A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials.

5.0
2020-04-17 CVE-2020-11872 Bluetrace Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Bluetrace Opentrace 1.0

The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs.

5.0
2020-04-17 CVE-2020-11868 NTP
Redhat
Netapp
Debian
Opensuse
Origin Validation Error vulnerability in multiple products

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

5.0
2020-04-17 CVE-2019-7306 Byobu
Canonical
Information Exposure vulnerability in multiple products

Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords.

5.0
2020-04-16 CVE-2020-7486 Schneider Electric Resource Exhaustion vulnerability in Schneider-Electric products

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x.

5.0
2020-04-16 CVE-2020-7483 Schneider Electric Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric Tristation 1131

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on the network when the 'password' feature is enabled.

5.0
2020-04-16 CVE-2020-11826 Appinghouse Missing Encryption of Sensitive Data vulnerability in Appinghouse Memono 3.8

Users can lock their notes with a password in Memono version 3.8.

5.0
2020-04-16 CVE-2019-20696 Netgear Information Exposure vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

5.0
2020-04-16 CVE-2019-20695 Netgear Information Exposure vulnerability in Netgear Srk60 Firmware, Srr60 Firmware and Srs60 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

5.0
2020-04-16 CVE-2019-20694 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

5.0
2020-04-16 CVE-2019-20687 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

5.0
2020-04-16 CVE-2019-18948 Arista Improper Input Validation vulnerability in Arista EOS

An issue was found in Arista EOS.

5.0
2020-04-16 CVE-2019-4762 IBM Unspecified vulnerability in IBM MQ

IBM MQ 9.0 and 9.1 is vulnerable to a denial of service attack due to an error in the Channel processing function.

5.0
2020-04-15 CVE-2020-9280 Silverstripe Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe

In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead.

5.0
2020-04-15 CVE-2020-3273 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the 802.11 Generic Advertisement Service (GAS) frame processing function of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS).

5.0
2020-04-15 CVE-2020-3262 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol handler of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2020-04-15 CVE-2020-3177 Cisco Path Traversal vulnerability in Cisco products

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device.

5.0
2020-04-15 CVE-2020-3162 Cisco Improper Input Validation vulnerability in Cisco IOT Field Network Director

A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2020-04-15 CVE-2020-11662 Broadcom Information Exposure vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier handles requests insecurely, which allows remote attackers to exploit a Cross-Origin Resource Sharing flaw and access sensitive information.

5.0
2020-04-15 CVE-2019-12520 Squid Cache
Canonical
Debian
Improper Input Validation vulnerability in multiple products

An issue was discovered in Squid through 4.7 and 5.

5.0
2020-04-15 CVE-2020-10615 Trianglemicroworks Out-of-bounds Write vulnerability in Trianglemicroworks Scada Data Gateway

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer.

5.0
2020-04-15 CVE-2020-10613 Trianglemicroworks Out-of-bounds Read vulnerability in Trianglemicroworks Scada Data Gateway

Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure.

5.0
2020-04-15 CVE-2019-20654 Netgear Improper Input Validation vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.0
2020-04-15 CVE-2020-11792 Netgear Improper Certificate Validation vulnerability in Netgear products

NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure.

5.0
2020-04-15 CVE-2019-20650 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

5.0
2020-04-15 CVE-2019-20649 Netgear Information Exposure vulnerability in Netgear Mr1100 Firmware 12.05.05.00/12.06.03

NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information.

5.0
2020-04-15 CVE-2019-20646 Netgear Information Exposure vulnerability in Netgear Rax40 Firmware 1.0.3.62

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.

5.0
2020-04-15 CVE-2019-20643 Netgear Information Exposure vulnerability in Netgear Rax40 Firmware 1.0.3.62

NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.

5.0
2020-04-15 CVE-2020-4269 IBM Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

5.0
2020-04-15 CVE-2020-11728 Davical
Debian
Session Fixation vulnerability in multiple products

An issue was discovered in DAViCal Andrew's Web Libraries (AWL) through 0.60.

5.0
2020-04-15 CVE-2020-1018 Microsoft Information Exposure vulnerability in Microsoft Dynamics 365 Business Central and Dynamics NAV

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. An attacker who successfully exploited the vulnerability could see the information that is in a masked field. The security update addresses the vulnerability by updating the rendering engine of the Windows client to properly detect masked fields and render the content as masked, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

5.0
2020-04-15 CVE-2020-2959 Oracle
Opensuse
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).
5.0
2020-04-15 CVE-2020-2949 Oracle Unspecified vulnerability in Oracle Coherence

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation).

5.0
2020-04-15 CVE-2020-2934 Oracle
Fedoraproject
Debian
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
5.0
2020-04-15 CVE-2020-2889 Oracle Information Exposure vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

5.0
2020-04-15 CVE-2020-2888 Oracle Information Exposure vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners).

5.0
2020-04-15 CVE-2020-2887 Oracle Unspecified vulnerability in Oracle Customer Interaction History

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result).

5.0
2020-04-15 CVE-2020-2866 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload).

5.0
2020-04-15 CVE-2020-2865 Oracle Unspecified vulnerability in Oracle Configurator 12.1/12.2

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation).

5.0
2020-04-15 CVE-2020-2864 Oracle Information Exposure vulnerability in Oracle Isupplier Portal

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts).

5.0
2020-04-15 CVE-2020-2859 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision).

5.0
2020-04-15 CVE-2020-2838 Oracle Information Exposure vulnerability in Oracle Customer Relationship Management Gateway for Mobile Devices 12.1.1/12.1.3

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications).

5.0
2020-04-15 CVE-2020-2816 Oracle
Netapp
Canonical
Debian
Opensuse
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).
5.0
2020-04-15 CVE-2020-2776 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security).

5.0
2020-04-15 CVE-2020-2775 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.0
2020-04-15 CVE-2020-2766 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

5.0
2020-04-15 CVE-2020-2753 Oracle Unspecified vulnerability in Oracle Workflow

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer).

5.0
2020-04-15 CVE-2020-2750 Oracle Unspecified vulnerability in Oracle General Ledger

Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager).

5.0
2020-04-15 CVE-2020-3932 Draytek Information Exposure vulnerability in Draytek Vigorap 910C Firmware 1.3.1

A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage.

5.0
2020-04-15 CVE-2020-10506 THE School Manage System Project Path Traversal vulnerability in the School Manage System Project the School Manage System

The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files.

5.0
2020-04-14 CVE-2020-6195 SAP Cleartext Transmission of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure.

5.0
2020-04-14 CVE-2019-19301 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2.

5.0
2020-04-14 CVE-2020-6237 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

5.0
2020-04-14 CVE-2020-6235 SAP Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.2

SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.

5.0
2020-04-14 CVE-2020-6232 SAP Missing Authorization vulnerability in SAP Commerce Cloud 1811/1905

SAP Commerce, versions 1811, 1905, does not perform necessary authorization checks for an anonymous user, due to Missing Authorization Check.

5.0
2020-04-14 CVE-2020-6227 SAP Improper Input Validation vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, making it possible to forge additional entries in GLF log files.

5.0
2020-04-14 CVE-2020-7802 S3India Incorrect Default Permissions vulnerability in S3India Husky RTU 6049-E70 Firmware 5.0

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Incorrect Default Permissions (CWE-276) vulnerability.

5.0
2020-04-14 CVE-2020-7801 Mysyngeryss Information Exposure vulnerability in Mysyngeryss Husky RTU 6049-E70 Firmware

The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability.

5.0
2020-04-13 CVE-2020-8148 UI Improper Authentication vulnerability in UI Cloud KEY Gen2 and Cloud KEY Gen2 Plus

UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker to change a device hostname by sending a malicious API request.

5.0
2020-04-17 CVE-2019-2056 Google Information Exposure vulnerability in Google Android 10.0

There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto.

4.9
2020-04-16 CVE-2019-11999 HPE Cross-site Scripting vulnerability in HPE Opencall Media Platform

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP) resulting in remote arbitrary file download and cross-site scripting.

4.9
2020-04-16 CVE-2019-14075 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCS605, Rennell, Saipan, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR2130.

4.9
2020-04-16 CVE-2019-14007 Qualcomm Information Exposure vulnerability in Qualcomm products

Due to the use of non-time-constant comparison functions there is an issue with timing side channels, which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130.

4.9
2020-04-15 CVE-2020-0794 Microsoft Improper Input Validation vulnerability in Microsoft products

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'.

4.9
2020-04-15 CVE-2020-2928 Oracle
Fedoraproject
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2925 Oracle
Fedoraproject
Netapp
Canonical
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS).
4.9
2020-04-15 CVE-2020-2924 Oracle
Fedoraproject
Canonical
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2923 Oracle
Fedoraproject
Netapp
Canonical
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2904 Oracle
Fedoraproject
Canonical
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2903 Oracle
Fedoraproject
Canonical
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling).
4.9
2020-04-15 CVE-2020-2901 Oracle
Fedoraproject
Canonical
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2899 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing).

4.9
2020-04-15 CVE-2020-2898 Oracle
Fedoraproject
Canonical
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets).
4.9
2020-04-15 CVE-2020-2897 Oracle
Fedoraproject
Netapp
Canonical
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2896 Oracle
Fedoraproject
Canonical
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).
4.9
2020-04-15 CVE-2020-2895 Oracle
Fedoraproject
Netapp
Canonical
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2020-04-15 CVE-2020-2893 Oracle
Fedoraproject
Netapp
Canonical
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2020-04-15 CVE-2020-2892 Oracle
Fedoraproject
Netapp
Canonical
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2020-04-15 CVE-2020-2853 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
4.9
2020-04-15 CVE-2020-2814 Oracle
Netapp
Debian
Fedoraproject
Opensuse
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2020-04-15 CVE-2020-2812 Oracle
Netapp
Debian
Fedoraproject
Opensuse
Canonical
Mariadb
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).
4.9
2020-04-15 CVE-2020-2779 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
4.9
2020-04-15 CVE-2020-2774 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2020-04-15 CVE-2020-2770 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging).

4.9
2020-04-15 CVE-2020-2768 Oracle, Netapp

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).

4.9
2020-04-15 CVE-2020-2765 Oracle, Fedoraproject, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2020-04-15 CVE-2020-2763 Oracle, Fedoraproject, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2020-04-15 CVE-2020-2762 Oracle, Fedoraproject, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2020-04-15 CVE-2020-2761 Oracle, Fedoraproject, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2020-04-15 CVE-2020-2759 Oracle, Fedoraproject, Canonical, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2020-04-15 CVE-2020-2747 Oracle Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine).

4.9
2020-04-15 CVE-2020-2744 Oracle Unspecified vulnerability in Oracle Transportation Management 6.3.7/6.4.2/6.4.3

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Security).

4.9
2020-04-15 CVE-2020-2740 Oracle Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine).

4.9
2020-04-15 CVE-2020-2514 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

4.9
2020-04-16 CVE-2019-20693 Netgear Incorrect Permission Assignment for Critical Resource vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by incorrect configuration of security settings.

4.8
2020-04-15 CVE-2020-5346 EMC Cross-site Scripting vulnerability in EMC RSA Authentication Manager

RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console.

4.8
2020-04-15 CVE-2020-2800 Oracle, Netapp, Debian, Fedoraproject, Opensuse, Canonical

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server).

4.8
2020-04-15 CVE-2020-2767 Oracle, Netapp, Debian, Canonical, Opensuse

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).

4.8
2020-04-15 CVE-2020-10951 Westerndigital Improper Restriction of Rendered UI Layers or Frames vulnerability in Westerndigital IBI and MY Cloud Home

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

4.7
2020-04-15 CVE-2020-2875 Oracle, Fedoraproject, Debian

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).

4.7
2020-04-15 CVE-2020-10932 ARM, Fedoraproject, Debian Information Exposure Through Discrepancy vulnerability in multiple products

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15.

4.7
2020-04-17 CVE-2020-0079 Google Out-of-bounds Write vulnerability in Google Android 10.0/9.0

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer.

4.6
2020-04-17 CVE-2020-0078 Google Out-of-bounds Write vulnerability in Google Android 10.0/9.0

In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check.

4.6
2020-04-17 CVE-2020-0076 Google Out-of-bounds Write vulnerability in Google Android

In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check.

4.6
2020-04-17 CVE-2019-20785 Google Use of Uninitialized Resource vulnerability in Google Android 8.0/8.1

An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier.

4.6
2020-04-17 CVE-2019-20770 Google Classic Buffer Overflow vulnerability in Google Android 9.0

An issue was discovered on LG mobile devices with Android OS 9.0 software.

4.6
2020-04-16 CVE-2019-20737 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

4.6
2020-04-16 CVE-2019-20733 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

4.6
2020-04-16 CVE-2019-20732 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-04-16 CVE-2019-20731 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

4.6
2020-04-16 CVE-2019-20728 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

4.6
2020-04-16 CVE-2019-20700 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

4.6
2020-04-16 CVE-2019-20692 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

4.6
2020-04-16 CVE-2019-14001 Qualcomm Use of a Broken or Risky Cryptographic Algorithm vulnerability in Qualcomm products

Wrong public key usage from existing oem_keystore for hash generation in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, QM215, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDX20

4.6
2020-04-16 CVE-2019-10624 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

While handling the vendor command, an integer truncation issue (an int data type copied into a u8 data type) could yield a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, MSM8996AU, QCA6574AU, QCN7605, Rennell, SC8180X, SDM710, SDX55, SM7150, SM8150, SM8250, SXR2130

4.6
2020-04-16 CVE-2019-10621 Qualcomm Use After Free vulnerability in Qualcomm products

Use-after-free issue when MAP and UNMAP are called at the same time, as the data structure used by MAP may be freed by the UNMAP function, in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

4.6
2020-04-16 CVE-2019-10620 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Kernel memory error in debug module due to improper check of user data length before copying into memory in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, MSM8996AU, QCN7605, SDM439, SDX24, SM8150

4.6
2020-04-16 CVE-2019-10556 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Missing length check before copying the data from kernel space to userspace through the copy function can lead to buffer overflow in some cases in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8953, Nicobar, QCN7605, QCS405, QCS605, QM215, Rennell, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

4.6
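The three Qualcomm entries just above (CVE-2019-10624, CVE-2019-10620 and CVE-2019-10556) describe one family of defect: a length supplied by the caller is narrowed or left unchecked before a copy into a fixed buffer. The following is an added example, not code from this report or from Qualcomm, that models the int-to-u8 truncation with `ctypes` so the narrowing behaves as it would in C; `BUF_SIZE`, the function names and the sample payload are constructed for illustration.

```python
# Added example: models int -> u8 length truncation and a missing length check
# before a copy into a fixed-size buffer. Names, sizes and inputs are hypothetical.
import ctypes

BUF_SIZE = 64  # hypothetical size of the fixed destination buffer


def vulnerable_copy(payload: bytes, declared_len: int) -> dict:
    """Narrows the int length to u8 *before* checking it. The check sees the
    truncated value while the copy uses the original width, so a length such
    as 0x104 passes as 4 and then 260 bytes are copied."""
    u8_len = ctypes.c_uint8(declared_len).value      # int -> u8 truncation
    if u8_len > BUF_SIZE:
        return {"status": "rejected", "checked_len": u8_len}
    copied = payload[:declared_len]                   # copy uses the wide int
    return {"status": "copied", "checked_len": u8_len,
            "copied_len": len(copied), "overflow": len(copied) > BUF_SIZE}


def hardened_copy(payload: bytes, declared_len: int) -> dict:
    """Validates the length at its original width: against the destination
    size, against the range of the narrower type, and against the number of
    bytes actually supplied. Only then is it narrowed and used."""
    if declared_len < 0 or declared_len > BUF_SIZE or declared_len > 0xFF:
        return {"status": "rejected", "checked_len": declared_len}
    if declared_len > len(payload):                   # caller lied about size
        return {"status": "rejected", "checked_len": declared_len}
    u8_len = ctypes.c_uint8(declared_len).value       # safe only after the check
    copied = payload[:u8_len]
    return {"status": "copied", "checked_len": u8_len,
            "copied_len": len(copied), "overflow": False}


if __name__ == "__main__":
    oversized = b"A" * 0x104                          # constructed 260-byte payload
    print(vulnerable_copy(oversized, 0x104))          # checked_len 4, overflow True
    print(hardened_copy(oversized, 0x104))            # rejected
    print(hardened_copy(b"A" * 16, 16))               # copied 16 bytes
```

The point of the hardened version is the order of operations: every comparison happens on the value the caller sent, in the type the caller sent it in, and the narrowing is the last step rather than the first.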
2020-04-16 CVE-2019-10547 Qualcomm Resource Exhaustion vulnerability in Qualcomm products

When issuing IOCTL calls to ION, a memory leak can occur due to a failure to unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCN7605, QCS605, Rennell, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDX24, SDX55, SM7150, SM8150, SM8250, SXR2130

4.6
2020-04-15 CVE-2019-20655 Netgear Command Injection vulnerability in Netgear Xr500 Firmware and Xr700 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-04-15 CVE-2019-20651 Netgear Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-04-15 CVE-2020-6992 GE Improper Privilege Management vulnerability in GE Cimplicity

A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior.

4.6
2020-04-15 CVE-2020-0600 Intel Improper Privilege Management vulnerability in Intel products

Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-04-15 CVE-2020-0557 Intel Improper Privilege Management vulnerability in Intel Proset/Wireless Wifi

Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-04-15 CVE-2020-0547 Intel Incorrect Default Permissions vulnerability in Intel Data Migration 3.3

Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-04-15 CVE-2020-4270 IBM Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions.

4.6
2020-04-15 CVE-2020-1019 Microsoft Improper Privilege Management vulnerability in Microsoft RMS Sharing

An elevation of privilege vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability'.

4.6
2020-04-15 CVE-2020-0984 Microsoft Improper Privilege Management vulnerability in Microsoft Autoupdate

An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka 'Microsoft (MAU) Office Elevation of Privilege Vulnerability'.

4.6
2020-04-15 CVE-2020-0981 Microsoft Injection vulnerability in Microsoft Windows 10 and Windows Server 2016

A security feature bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape. The update addresses the vulnerability by correcting how Windows handles token relationships, aka 'Windows Token Security Feature Bypass Vulnerability'.

4.6
2020-04-15 CVE-2020-0965 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.

4.6
2020-04-15 CVE-2020-0944 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

4.6
2020-04-15 CVE-2020-0934 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'.

4.6
2020-04-15 CVE-2020-0919 Microsoft Improper Privilege Management vulnerability in Microsoft Remote Desktop

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.

4.6
2020-04-15 CVE-2020-2929 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2908 Oracle, Opensuse Improper Privilege Management vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2907 Oracle, Opensuse Improper Privilege Management vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2905 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2902 Oracle, Opensuse Out-of-bounds Write vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2758 Oracle, Opensuse Use After Free vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2742 Oracle, Opensuse Integer Overflow or Wraparound vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.6
2020-04-15 CVE-2020-2737 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Core RDBMS component of Oracle Database Server.

4.6
2020-04-15 CVE-2020-2735 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

4.6
2020-04-17 CVE-2020-7079 Autodesk Untrusted Search Path vulnerability in Autodesk Dynamo BIM 2.5.0/2.5.1

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

4.4
2020-04-17 CVE-2019-20769 LG Untrusted Search Path vulnerability in LG PC Suite 5.3.27

An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG PC Suite v5.3.27 and earlier).

4.4
2020-04-15 CVE-2019-12522 Squid Cache Improper Privilege Management vulnerability in Squid-Cache Squid

An issue was discovered in Squid through 4.7.

4.4
2020-04-15 CVE-2020-0598 Intel Untrusted Search Path vulnerability in Intel Binary Configuration Tool

Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

4.4
2020-04-15 CVE-2020-2958 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-04-15 CVE-2020-2930 Oracle, Fedoraproject, Canonical, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).

4.4
2020-04-15 CVE-2020-2927 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment).

4.4
2020-04-15 CVE-2020-2926 Oracle, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS).

4.4
2020-04-15 CVE-2020-2921 Oracle, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).

4.4
2020-04-15 CVE-2020-2914 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-04-15 CVE-2020-2913 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-04-15 CVE-2020-2911 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-04-15 CVE-2020-2851 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment).

4.4
2020-04-15 CVE-2020-7255 Mcafee Improper Privilege Management vulnerability in Mcafee Endpoint Security

Privilege escalation vulnerability in the administrative user interface in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2020 Update allows local users to gain elevated privileges via ENS not checking user permissions when editing configuration in the ENS client interface.

4.4
2020-04-17 CVE-2020-11887 Svg2Png Project Cross-site Scripting vulnerability in Svg2Png Project Svg2Png 4.1.1

svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.

4.3
2020-04-17 CVE-2020-5731 Openmrs Cross-site Scripting vulnerability in Openmrs

In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting.

4.3
2020-04-17 CVE-2020-5730 Openmrs Cross-site Scripting vulnerability in Openmrs

In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting.

4.3
2020-04-17 CVE-2020-5729 Openmrs Cross-site Scripting vulnerability in Openmrs

In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS.

4.3
2020-04-17 CVE-2020-5728 Openmrs Improper Input Validation vulnerability in Openmrs

OpenMRS 2.9 and prior copies "Referer" header values into an HTML element named "redirectUrl" within many web pages (such as login.htm).

4.3
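The four OpenMRS entries above share a cause: request-controlled values (the `app`, `sessionLocation` and error-page parameters, and the `Referer` header copied into `redirectUrl`) reach the page without validation or encoding. The following is an added example, not code from this report or from the OpenMRS project, showing how a Referer-derived post-login redirect can be constrained to the application's own origin and then rendered with attribute encoding; the origin `emr.example.org`, the default path and the function names are assumptions for illustration.

```python
# Added example: constrain a Referer-derived redirect to the app's own origin
# and encode it for an HTML attribute. Origin and defaults are hypothetical.
from html import escape
from urllib.parse import urlsplit

APP_ORIGIN = ("https", "emr.example.org")   # hypothetical scheme and host
DEFAULT_REDIRECT = "/index.htm"             # hypothetical landing page


def safe_redirect_target(referer: str) -> str:
    """Returns only the path (and query) of a same-origin Referer, or the
    default. Because the scheme and host are never echoed back, values such
    as javascript:..., //other-host/... and foreign origins all collapse to
    the default instead of becoming an open redirect."""
    if not referer:
        return DEFAULT_REDIRECT
    parts = urlsplit(referer)
    if (parts.scheme.lower(), parts.netloc.lower()) != APP_ORIGIN:
        return DEFAULT_REDIRECT
    path = parts.path or "/"
    # A path beginning with // would be read by browsers as scheme-relative.
    if not path.startswith("/") or path.startswith("//"):
        return DEFAULT_REDIRECT
    return path + ("?" + parts.query if parts.query else "")


def redirect_input_html(referer: str) -> str:
    """Renders the hidden field with the value escaped for an attribute
    context, so quotes or angle brackets in the Referer cannot break out
    of the attribute even after validation."""
    value = escape(safe_redirect_target(referer), quote=True)
    return '<input type="hidden" name="redirectUrl" value="%s">' % value


if __name__ == "__main__":
    # Constructed Referer values, not captured traffic.
    for ref in ("https://emr.example.org/patient.htm?id=7",
                "https://attacker.example.net/phish",
                "javascript:alert(1)",
                'https://emr.example.org/x.htm?q="><script>'):
        print(redirect_input_html(ref))
```

Validation and encoding are separate defences here: the allow-list stops the open redirect, and `escape(..., quote=True)` stops the stored value from breaking the attribute if something unexpected still gets through.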
2020-04-17 CVE-2020-7084 Autodesk NULL Pointer Dereference vulnerability in Autodesk FBX Software Development KIT 2019.0

A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

4.3
2020-04-17 CVE-2020-7083 Autodesk Integer Overflow or Wraparound vulnerability in Autodesk FBX Software Development KIT 2019.0

An integer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

4.3
2020-04-17 CVE-2020-11879 Gnome Unspecified vulnerability in Gnome Evolution

An issue was discovered in GNOME Evolution before 3.35.91.

4.3
2020-04-17 CVE-2019-4644 IBM Cross-site Scripting vulnerability in IBM products

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.

4.3
2020-04-16 CVE-2019-20756 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

4.3
2020-04-16 CVE-2020-7484 Schneider Electric Unspecified vulnerability in Schneider-Electric Tristation 1131

**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could allow a denial of service attack if the user is not following documented guidelines pertaining to dedicated TriStation connection and key-switch protection.

4.3
2020-04-16 CVE-2020-2177 Jenkins Cleartext Storage of Sensitive Information vulnerability in Jenkins Copr 0.1/0.2/0.3

Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

4.3
2020-04-16 CVE-2019-19394 Northern Tech Cross-site Scripting vulnerability in Northern.Tech Cfengine 3.12.1/3.12.2/3.7

Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS.

4.3
2020-04-15 CVE-2020-3261 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.

4.3
2020-04-15 CVE-2019-12521 Squid Cache, Canonical, Debian, Opensuse Out-of-bounds Write vulnerability in multiple products

An issue was discovered in Squid through 4.7.

4.3
2020-04-15 CVE-2020-11791 Netgear Cross-site Scripting vulnerability in Netgear Jgs516Pe Firmware 2.6.0.35

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.

4.3
2020-04-15 CVE-2020-10637 Eaton Out-of-bounds Read vulnerability in Eaton Hmisoft VU3 Firmware 3.00.23

Eaton HMiSoft VU3, Version 3.00.23 and prior, is affected by an out-of-bounds read; the HMIVU3 runtimes are not impacted by these issues.

4.3
2020-04-15 CVE-2019-4594 IBM, Linux Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
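Two entries in this report are purely about response headers: the Western Digital My Cloud Home clickjacking on sign-in pages (CVE-2020-10951) and the QRadar failure to enable HTTP Strict Transport Security (CVE-2019-4594). The following is an added example, not code from this report or from either vendor, that audits a captured header set for both weaknesses; the two header sets it runs on are constructed for illustration, not responses from either product, and the one-year `max-age` threshold is a common deployment choice rather than a value the report states.

```python
# Added example: audit response headers for missing/weak HSTS and for missing
# framing protection. Sample header sets are constructed, not captured.


def parse_hsts(value: str) -> dict:
    """Splits a Strict-Transport-Security value into lower-cased directives."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def audit_headers(headers: dict, min_max_age: int = 31536000) -> list:
    """Returns findings, in a fixed order, for HSTS and anti-framing gaps.
    Header names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing: plaintext HTTP downgrade possible")
    else:
        d = parse_hsts(hsts)
        try:
            max_age = int(d.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < min_max_age:
            findings.append("HSTS max-age too small: %d" % max_age)
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains")

    # Framing is restricted if CSP frame-ancestors names specific sources
    # (anything but '*'), or X-Frame-Options is DENY/SAMEORIGIN.
    protected = False
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            protected = len(tokens) > 1 and "*" not in tokens[1:]
    if h.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        protected = True
    if not protected:
        findings.append("no framing restriction: clickjacking possible")
    return findings


# Constructed header sets for a sign-in page, before and after hardening.
WEAK_LOGIN_PAGE = {
    "Content-Type": "text/html",
    "Set-Cookie": "session=abc; HttpOnly; Secure",
}
HARDENED_LOGIN_PAGE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}

if __name__ == "__main__":
    print(audit_headers(WEAK_LOGIN_PAGE))       # two findings
    print(audit_headers(HARDENED_LOGIN_PAGE))   # []
```

HSTS only helps after a client has already seen the header over HTTPS, so the check above is the server-side half; the `preload` directive in the hardened sample is what lets browsers enforce it on the very first visit.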
2020-04-15 CVE-2020-1050 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 Server 9.0

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

4.3
2020-04-15 CVE-2020-0952 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

4.3
2020-04-15 CVE-2020-0947 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

4.3
2020-04-15 CVE-2020-0946 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

4.3
2020-04-15 CVE-2020-0945 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

4.3
2020-04-15 CVE-2020-0939 Microsoft Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

4.3
2020-04-15 CVE-2020-0937 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

4.3
2020-04-15 CVE-2020-2932 Oracle Unspecified vulnerability in Oracle Knowledge

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console).

4.3
2020-04-15 CVE-2020-2909 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.3
2020-04-15 CVE-2020-2886 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

4.3
2020-04-15 CVE-2020-2869 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

4.3
2020-04-15 CVE-2020-2862 Oracle Information Exposure vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

4.3
2020-04-15 CVE-2020-2810 Oracle Unspecified vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart).

4.3
2020-04-15 CVE-2020-2789 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Interface).

4.3
2020-04-15 CVE-2020-2772 Oracle Unspecified vulnerability in Oracle Human Resources 12.2.6/12.2.7/12.2.9

Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Absence Recording, Maintenance).

4.3
2020-04-15 CVE-2020-2764 Oracle Unspecified vulnerability in Oracle Java Advanced Management Console 2.16

Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console).

4.3
2020-04-15 CVE-2020-2745 Oracle Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation).

4.3
2020-04-15 CVE-2020-2739 Oracle Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI).

4.3
2020-04-15 CVE-2020-2524 Oracle Unspecified vulnerability in Oracle Knowledge

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search).

4.3
2020-04-15 CVE-2020-2522 Oracle Unspecified vulnerability in Oracle Knowledge 8.6.0/8.6.1

Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console).

4.3
2020-04-14 CVE-2020-7575 Siemens Cross-site Scripting vulnerability in Siemens Climatix Pol908 Firmware and Climatix Pol909 Firmware

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32).

4.3
2020-04-14 CVE-2020-7574 Siemens Cross-site Scripting vulnerability in Siemens Climatix Pol908 Firmware and Climatix Pol909 Firmware

A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32).

4.3
2020-04-14 CVE-2020-6229 SAP Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages

SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME), versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability.

4.3
2020-04-14 CVE-2020-6228 SAP Improper Validation of Integrity Check Value vulnerability in SAP Business Client 6.5/7.0

SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer.

4.3
2020-04-14 CVE-2020-6216 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability.

4.3
2020-04-13 CVE-2020-6442 Google, Debian, Fedoraproject, Opensuse Exposure of Resource to Wrong Sphere vulnerability in multiple products

Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

4.3
2020-04-13 CVE-2020-6441 Google, Debian, Fedoraproject, Opensuse Incorrect Default Permissions vulnerability in multiple products

Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.

4.3
2020-04-13 CVE-2020-6440 Google, Debian, Fedoraproject, Opensuse

Inappropriate implementation in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.

4.3
2020-04-13 CVE-2020-6438 Google, Debian, Fedoraproject, Opensuse Information Exposure Through an Error Message vulnerability in multiple products

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension.

4.3
2020-04-13 CVE-2020-6437 Google, Debian, Fedoraproject, Opensuse

Inappropriate implementation in WebView in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted application.

4.3
2020-04-13 CVE-2020-6435 Google, Debian, Fedoraproject, Opensuse

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.

4.3
2020-04-13 CVE-2020-6433 Google, Debian, Fedoraproject, Opensuse

Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3
2020-04-13 CVE-2020-6432 Google, Debian, Fedoraproject, Opensuse

Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

4.3
2020-04-13 CVE-2020-6431 Google, Debian, Fedoraproject, Opensuse Incorrect Default Permissions vulnerability in multiple products

Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page.

4.3
2020-04-13 CVE-2020-11734 Cybersolutions Cross-site Scripting vulnerability in Cybersolutions Cybermail 5.0/6.0/7.0

cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the ACTION parameter.

4.3
2020-04-13 CVE-2019-1866 Cisco Insufficient Verification of Data Authenticity vulnerability in Cisco Webex Business Suite 39

Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application.

4.3
2020-04-16 CVE-2019-20741 Netgear Information Exposure vulnerability in Netgear Wac510 Firmware 1.3.0.10/5.0.0.17/5.0.5.4

NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.

4.0
2020-04-16 CVE-2020-7113 Arubanetworks Information Exposure vulnerability in Arubanetworks Clearpass

A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts.

4.0
2020-04-16 CVE-2020-11007 Shopizer Improper Input Validation vulnerability in Shopizer

In Shopizer before version 2.11.0, a negative quantity is not adequately validated in either the API or the Controller based flows, producing an incorrect shopping cart and order total.

4.0
2020-04-16 CVE-2020-4260 IBM Information Exposure vulnerability in IBM Urbancode Deploy

IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permissions to obtain sensitive information via generic processes.

4.0
2020-04-15 CVE-2020-3252 Cisco Path Traversal vulnerability in Cisco UCS Director and UCS Director Express FOR BIG Data

Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device.

4.0
2020-04-15 CVE-2020-11660 Broadcom Information Exposure vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to view restricted sensitive information.

4.0
2020-04-15 CVE-2020-11659 Broadcom Authorization Bypass Through User-Controlled Key vulnerability in Broadcom CA API Developer Portal

CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action.

4.0
2020-04-15 CVE-2019-20638 Netgear Information Exposure vulnerability in Netgear Mr1100 Firmware

NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials.

4.0
2020-04-15 CVE-2019-4593 IBM, Linux Information Exposure Through an Error Message vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system.

4.0
2020-04-15 CVE-2020-2947 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Absence Management 9.2

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management).

4.0
2020-04-15 CVE-2020-2912 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise CS Campus Community 9.2

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Self-Service).

4.0
2020-04-15 CVE-2020-2906 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Purchasing 9.2

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Supplier Change).

4.0
2020-04-15 CVE-2020-2829 Oracle Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Management Services).

4.0
2020-04-15 CVE-2020-2802 Oracle Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).

4.0
2020-04-15 CVE-2020-2790 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth).

4.0
2020-04-15 CVE-2020-2738 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE).

4.0
2020-04-15 CVE-2020-10513 Icatchinc Incorrect Permission Assignment for Critical Resource vulnerability in Icatchinc DVR Interface

The file management interface of iCatch DVR firmware before 20200103 contains broken access control, which allows an attacker to remotely manipulate arbitrary files.

4.0
2020-04-14 CVE-2020-6233 SAP Missing Authorization vulnerability in SAP products

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

4.0
2020-04-14 CVE-2020-6218 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allow an attacker to access information that should otherwise be restricted, leading to Information Disclosure.

4.0
2020-04-14 CVE-2020-4151 IBM Missing Authorization vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2

IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation.

4.0

164 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-15 CVE-2020-2922 Oracle, Mariadb, Canonical, Netapp

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

3.7
2020-04-15 CVE-2020-2778 Oracle, Netapp, Debian, Canonical, Opensuse

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE).

3.7
2020-04-15 CVE-2020-2773 Oracle, Fedoraproject, Opensuse, Debian, Canonical, Mcafee, Netapp

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security).

3.7
2020-04-15 CVE-2020-2757 Oracle, Netapp, Fedoraproject, Opensuse, Canonical, Debian, Mcafee Improper Handling of Exceptional Conditions vulnerability in multiple products

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

3.7
2020-04-15 CVE-2020-2756 Oracle, Netapp, Fedoraproject, Debian, Canonical, Opensuse, Mcafee Improper Handling of Exceptional Conditions vulnerability in multiple products

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).

3.7
2020-04-15 CVE-2020-2755 Oracle, Netapp, Fedoraproject, Opensuse, Debian, Canonical, Mcafee

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).

3.7
2020-04-15 CVE-2020-2754 Oracle, Netapp, Fedoraproject, Opensuse, Canonical, Debian, Mcafee

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting).

3.7
2020-04-16 CVE-2019-10625 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound access in diag services when DCI command buffer reallocation is not done properly with required capacity in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCS605, Rennell, SC8180X, SDM429W, SDM710, SDX55, SM7150, SM8150

3.6
2020-04-16 CVE-2019-10623 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Possible integer overflow can happen in host driver while processing user controlled string due to improper validation on data received.

3.6
2020-04-16 CVE-2019-10622 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130

3.6
2020-04-16 CVE-2019-10574 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

3.6
2020-04-15 CVE-2019-20676 Netgear Missing Authorization vulnerability in Netgear products

Certain NETGEAR devices are affected by lack of access control at the function level.

3.6
2020-04-15 CVE-2020-0942 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

3.6
2020-04-15 CVE-2020-0936 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'.

3.6
2020-04-15 CVE-2020-0900 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.

3.6
2020-04-15 CVE-2020-0899 Microsoft Improper Privilege Management vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions, aka 'Microsoft Visual Studio Elevation of Privilege Vulnerability'.

3.6
2020-04-15 CVE-2020-2900 Oracle Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools).

3.6
2020-04-17 CVE-2020-5737 Tenable Cross-site Scripting vulnerability in Tenable Tenable.Sc 5.14.0/5.14.1

Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session.

3.5
2020-04-17 CVE-2019-4749 IBM Cross-site Scripting vulnerability in IBM products

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.

3.5
2020-04-16 CVE-2020-5294 Prestashop Cross-site Scripting vulnerability in Prestashop Socialfollow

PrestaShop module ps_facetedsearch versions before 2.1.0 have a reflected XSS via the social network fields. The problem is fixed in 2.1.0.

3.5
2020-04-16 CVE-2020-5273 Prestashop Cross-site Scripting vulnerability in Prestashop Linklist

In PrestaShop module ps_linklist versions before 3.1.0, there is a stored XSS when using custom URLs.

3.5
2020-04-16 CVE-2020-5266 Prestashop Cross-site Scripting vulnerability in Prestashop Link

In the ps_link module for PrestaShop before version 3.1.0, there is a stored XSS when you create or edit a link list block with the title field.

3.5
2020-04-16 CVE-2019-20752 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2019-20750 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2019-20749 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2019-20746 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

3.5
2020-04-16 CVE-2019-20738 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2020-7110 Arubanetworks Cross-site Scripting vulnerability in Arubanetworks Clearpass

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack.

3.5
2020-04-16 CVE-2020-11813 Rukovoditel Cross-site Scripting vulnerability in Rukovoditel 2.5.2

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input.

3.5
2020-04-16 CVE-2019-20721 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2019-20720 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2019-20715 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-16 CVE-2019-20714 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20678 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20677 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20675 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20674 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20673 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20672 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20671 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20670 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20669 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20668 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20667 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20666 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20665 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20664 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20660 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-3953 Vmware Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight

A Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.

3.5
2020-04-15 CVE-2020-11787 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20645 Netgear Cross-site Scripting vulnerability in Netgear Rax40 Firmware

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20644 Netgear Cross-site Scripting vulnerability in Netgear Rax40 Firmware

NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.

3.5
2020-04-15 CVE-2019-20639 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11786 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11785 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11784 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-19390 Matrix42 Cross-site Scripting vulnerability in Matrix42 Workspace Management 9.1.2.2765

The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues.

3.5
2020-04-15 CVE-2020-4268 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting.

3.5
2020-04-15 CVE-2020-11783 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11782 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11781 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11780 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11779 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-1049 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 Server 9.0

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

3.5
2020-04-15 CVE-2020-0978 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0977 Microsoft Improper Input Validation vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

3.5
2020-04-15 CVE-2020-0976 Microsoft Improper Input Validation vulnerability in Microsoft products

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

3.5
2020-04-15 CVE-2020-0975 Microsoft Improper Input Validation vulnerability in Microsoft products

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

3.5
2020-04-15 CVE-2020-0973 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0972 Microsoft Improper Input Validation vulnerability in Microsoft products

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

3.5
2020-04-15 CVE-2020-0954 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0933 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0930 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0927 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0926 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0925 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0924 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-0923 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-04-15 CVE-2020-2806 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling).

3.5
2020-04-15 CVE-2020-2799 Oracle Unspecified vulnerability in Oracle Graalvm 19.3.1/20.0.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler).

3.5
2020-04-15 CVE-2020-2769 Oracle Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer).

3.5
2020-04-15 CVE-2020-2734 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the RDBMS/Optimizer component of Oracle Database Server.

3.5
2020-04-15 CVE-2020-11778 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11777 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11776 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11775 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11774 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11773 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11772 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11771 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11769 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2020-11768 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-04-15 CVE-2019-19500 Matrix42 Cross-site Scripting vulnerability in Matrix42 Workspace Management 9.1.2.2765

Matrix42 Workspace Management 9.1.2.2765 and below allows stored XSS via unfiltered description parameters, as demonstrated by the comment field of a special order for individual software.

3.5
2020-04-14 CVE-2020-11001 Torchbox Cross-site Scripting vulnerability in Torchbox Wagtail

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface.

3.5
2020-04-14 CVE-2020-6231 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

3.5
2020-04-14 CVE-2020-6226 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), version 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

3.5
2020-04-14 CVE-2020-6224 SAP Information Exposure vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access sensitive user data such as passwords in trace files, when the user logs in and sends a request with login credentials, leading to Information Disclosure.

3.5
2020-04-14 CVE-2020-6222 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface), versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

3.5
2020-04-14 CVE-2020-6221 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.

3.5
2020-04-14 CVE-2020-9461 Octech Cross-site Scripting vulnerability in Octech Oempro

Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user.

3.5
2020-04-14 CVE-2020-9460 Octech Cross-site Scripting vulnerability in Octech Oempro

Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user.

3.5
2020-04-13 CVE-2020-3126 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server T39.3

A vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections.

3.5
2020-04-16 CVE-2019-20717 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by denial of service.

3.3
2020-04-16 CVE-2019-20698 Netgear Information Exposure vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-04-15 CVE-2020-3260 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device.

3.3
2020-04-15 CVE-2019-20658 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-04-15 CVE-2019-20656 Netgear Use of Hard-coded Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by a hardcoded password.

3.3
2020-04-15 CVE-2019-20653 Netgear Improper Input Validation vulnerability in Netgear Wac505 Firmware and Wac510 Firmware

Certain NETGEAR devices are affected by denial of service.

3.3
2020-04-15 CVE-2020-0576 Intel Classic Buffer Overflow vulnerability in Intel Compute Module Mfs2600Ki Firmware

Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.

3.3
2020-04-15 CVE-2020-0558 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Proset/Wireless Wifi

Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.

3.3
2020-04-13 CVE-2020-11736 Gnome, Debian, Canonical Link Following vulnerability in multiple products

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

3.3
2020-04-16 CVE-2019-20759 Netgear Cross-site Scripting vulnerability in Netgear R9000 Firmware

NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.

2.9
2020-04-16 CVE-2019-20743 Netgear Cross-site Scripting vulnerability in Netgear Wac510 Firmware

NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.

2.9
2020-04-16 CVE-2019-20742 Netgear Cross-site Scripting vulnerability in Netgear Wac510 Firmware

NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.

2.9
2020-04-14 CVE-2018-6402 Ecobee Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ecobee Ecobee4 Firmware 4.2.0.171

Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal.

2.9
2020-04-16 CVE-2019-20744 Netgear Information Exposure vulnerability in Netgear Wac510 Firmware 1.3.0.10/5.0.0.17/5.0.5.4

NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information.

2.7
2020-04-15 CVE-2019-20648 Netgear Improper Input Validation vulnerability in Netgear Rn42400 Firmware

NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings.

2.7
2020-04-15 CVE-2019-20647 Netgear Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62

NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.

2.7
2020-04-15 CVE-2020-11767 Envoyproxy, Istio Information Exposure vulnerability in multiple products

Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue.

2.6
2020-04-15 CVE-2020-2771 Oracle Unspecified vulnerability in Oracle Solaris 10/11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo).

2.5
2020-04-15 CVE-2019-20663 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

2.3
2020-04-15 CVE-2019-20662 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

2.3
2020-04-15 CVE-2019-20661 Netgear Cross-site Scripting vulnerability in Netgear Rbk50 Firmware, Rbr50 Firmware and Rbs50 Firmware

Certain NETGEAR devices are affected by stored XSS.

2.3
2020-04-15 CVE-2020-2933 Oracle, Fedoraproject, Debian

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).

2.2
2020-04-17 CVE-2020-0077 Google Out-of-bounds Read vulnerability in Google Android

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-04-17 CVE-2020-0075 Google Out-of-bounds Read vulnerability in Google Android

In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-04-17 CVE-2020-0068 Google Out-of-bounds Read vulnerability in Google Android

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow.

2.1
2020-04-17 CVE-2020-0067 Google, Canonical Out-of-bounds Read vulnerability in multiple products

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-04-17 CVE-2019-20784 Google Unspecified vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software.

2.1
2020-04-17 CVE-2019-20779 Google Improper Input Validation vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

2.1
2020-04-17 CVE-2019-20776 Google Improper Input Validation vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software.

2.1
2020-04-17 CVE-2019-20775 Google Inadequate Encryption Strength vulnerability in Google Android 9.0

An issue was discovered on LG mobile devices with Android OS 9.0 (Qualcomm SDM450, SDM845, SM6150, and SM8150 chipsets) software.

2.1
2020-04-17 CVE-2019-20774 Google Information Exposure vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software.

2.1
2020-04-16 CVE-2019-20729 Netgear Improper Input Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

2.1
2020-04-16 CVE-2020-4338 IBM Information Exposure vulnerability in IBM MQ

IBM MQ 9.1.4 could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data.

2.1
2020-04-16 CVE-2019-10608 Qualcomm Unspecified vulnerability in Qualcomm products

Information disclosure issue occurs as there is no binding between the secure keypad session and the secure display session, which allows a user to take control of the REE to stop the secure keypad session and read the keypad input.

2.1
2020-04-16 CVE-2019-10523 Qualcomm Information Exposure vulnerability in Qualcomm products

Target-specific data is being sent to a remote server and leads to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCA6574AU, QCS605, Rennell, SDA660, SDM429W, SDM439, SDM450, SDM710, SDM845, SM7150, SM8150, SM8250, SXR2130.

2.1
2020-04-16 CVE-2019-10483 Qualcomm Information Exposure vulnerability in Qualcomm products

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130

2.1
2020-04-15 CVE-2020-5721 Mikrotik Insufficiently Protected Credentials vulnerability in Mikrotik Winbox

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set.

2.1
2020-04-15 CVE-2019-20652 Netgear Information Exposure vulnerability in Netgear Wac505 Firmware

NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information.

2.1
2020-04-15 CVE-2020-1016 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory, aka 'Windows Push Notification Service Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-1007 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-1005 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-0987 Microsoft Out-of-bounds Read vulnerability in Microsoft products

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-0982 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-0962 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-0955 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'.

2.1
2020-04-15 CVE-2020-0943 Microsoft Improper Authentication vulnerability in Microsoft Your Phone Companion

An authentication bypass vulnerability exists in the Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android Authentication Bypass Vulnerability'.

2.1
2020-04-15 CVE-2020-0935 Microsoft Improper Privilege Management vulnerability in Microsoft Onedrive

An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links, aka 'OneDrive for Windows Elevation of Privilege Vulnerability'.

2.1
2020-04-15 CVE-2020-0821 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-0699 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

2.1
2020-04-15 CVE-2020-2951 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-04-15 CVE-2020-2910 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-04-15 CVE-2020-2777 Oracle Unspecified vulnerability in Oracle Hyperion Financial Management 11.1.2.4

Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security).

2.1
2020-04-15 CVE-2020-2749 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle).

2.1
2020-04-15 CVE-2020-2748 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-04-15 CVE-2020-2743 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-04-15 CVE-2020-2741 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

2.1
2020-04-14 CVE-2020-11005 Windowshello Project Use of a Broken or Risky Cryptographic Algorithm vulnerability in Windowshello Project Windowshello

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication.

2.1
2020-04-14 CVE-2020-8324 Lenovo Improper Input Validation vulnerability in Lenovo System Interface Foundation 1.1.18.3/1.1.19.3/1.1.19.5

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

2.1
2020-04-14 CVE-2020-8316 Lenovo Unspecified vulnerability in Lenovo Vantage 10.2001.12.0

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.

2.1
2020-04-14 CVE-2020-11723 Cellebrite Use of Hard-coded Credentials vulnerability in Cellebrite Ufed Firmware 5.0/7.5.0.845

Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices.

2.1
2020-04-14 CVE-2020-7958 Oneplus Information Exposure vulnerability in Oneplus 7 PRO Firmware

An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA.

2.1
2020-04-15 CVE-2020-0568 Intel Race Condition vulnerability in Intel Driver & Support Assistant

Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access.

1.9