Weekly Vulnerabilities Reports > April 20 to 26, 2020
Overview
423 new vulnerabilities were reported during this period, including 43 critical vulnerabilities and 185 high severity vulnerabilities. This weekly summary reports vulnerabilities in 309 products from 104 vendors including Netgear, Foxitsoftware, Canonical, Prestashop, and Jetbrains. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "Injection", "Information Exposure", and "Cross-Site Request Forgery (CSRF)".
- 214 reported vulnerabilities are remotely exploitable.
- 126 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 276 reported vulnerabilities are exploitable by an anonymous user.
- Netgear has the most reported vulnerabilities, with 212 reported vulnerabilities.
- Netgear has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
43 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-23 | CVE-2020-12079 | Beakerbrowser | Unspecified vulnerability in Beakerbrowser Beaker Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. | 10.0 |
2020-04-22 | CVE-2020-7055 | Elementor | Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder An issue was discovered in Elementor 2.7.4. | 9.9 |
2020-04-26 | CVE-2020-12265 | Decompress Project | Link Following vulnerability in Decompress Project Decompress The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | 9.8 |
2020-04-24 | CVE-2020-7133 | HP | Unspecified vulnerability in HP HPE IOT + GCP An unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. | 9.8 |
2020-04-24 | CVE-2020-6826 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. | 9.8 |
2020-04-24 | CVE-2020-6825 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. | 9.8 |
2020-04-24 | CVE-2020-6823 | Mozilla | Missing Authorization vulnerability in Mozilla Firefox A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. | 9.8 |
2020-04-24 | CVE-2020-5868 | F5 | OS Command Injection vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discovered that may allow a remote user to execute shell commands on affected systems using HTTP requests to the BIG-IQ user interface. | 9.8 |
2020-04-24 | CVE-2020-12134 | Nanometrics | Missing Release of Resource after Effective Lifetime vulnerability in Nanometrics Centaur and Titansma Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. | 9.8 |
2020-04-23 | CVE-2018-21162 | Netgear | OS Command Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 9.8 |
2020-04-23 | CVE-2018-21161 | Netgear | Unspecified vulnerability in Netgear D7800 Firmware, R7800 Firmware and R9000 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 9.8 |
2020-04-23 | CVE-2018-21137 | Netgear | Use of Hard-coded Credentials vulnerability in Netgear D3600 Firmware and D6000 Firmware Certain NETGEAR devices are affected by a hardcoded password. | 9.8 |
2020-04-23 | CVE-2018-21134 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 9.8 |
2020-04-23 | CVE-2018-21133 | Netgear | Out-of-bounds Write vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 9.8 |
2020-04-23 | CVE-2018-21132 | Netgear | Missing Authentication for Critical Function vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by authentication bypass. | 9.8 |
2020-04-23 | CVE-2019-20788 | Libvnc Project Canonical Debian Siemens | Integer Overflow or Wraparound vulnerability in multiple products libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. | 9.8 |
2020-04-23 | CVE-2020-4415 | IBM | Out-of-bounds Write vulnerability in IBM Spectrum Protect IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 9.8 |
2020-04-23 | CVE-2020-11945 | Squid Cache Debian Opensuse Fedoraproject Canonical | Integer Overflow or Wraparound vulnerability in multiple products An issue was discovered in Squid before 5.0.2. | 9.8 |
2020-04-23 | CVE-2020-11939 | Ntop | Integer Overflow or Wraparound vulnerability in Ntop Ndpi In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. | 9.8 |
2020-04-23 | CVE-2019-8359 | Contiki OS Contiki NG | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. | 9.8 |
2020-04-22 | CVE-2020-10915 | Veeam | Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. | 9.8 |
2020-04-22 | CVE-2020-10914 | Veeam | Deserialization of Untrusted Data vulnerability in Veeam ONE 9.5.4.4587 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. | 9.8 |
2020-04-22 | CVE-2020-7489 | Schneider Electric | Injection vulnerability in Schneider-Electric products A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notification). | 9.8 |
2020-04-22 | CVE-2020-7487 | Schneider Electric | Insufficient Verification of Data Authenticity vulnerability in Schneider-Electric products A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. | 9.8 |
2020-04-22 | CVE-2019-20787 | Teeworlds Opensuse | Integer Overflow or Wraparound vulnerability in multiple products Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. | 9.8 |
2020-04-22 | CVE-2019-19104 | ABB Busch Jaeger | Missing Authentication for Critical Function vulnerability in multiple products The web server in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows access to different endpoints of the application without authenticating by accessing a specific uniform resource locator (URL), violating the access-control (ACL) rules. | 9.8 |
2020-04-22 | CVE-2020-11796 | Jetbrains | Improper Authentication vulnerability in Jetbrains Space In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | 9.8 |
2020-04-22 | CVE-2020-11690 | Jetbrains | Unspecified vulnerability in Jetbrains Intellij Idea In JetBrains IntelliJ IDEA before 2020.1, the license server could be resolved to an untrusted host in some cases. | 9.8 |
2020-04-21 | CVE-2020-10569 | Sysaid | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11 SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. | 9.8 |
2020-04-21 | CVE-2020-11967 | Evenroute | Missing Authorization vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. | 9.8 |
2020-04-21 | CVE-2020-11966 | Evenroute | Weak Password Requirements vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote attackers to change the root password arbitrarily. | 9.8 |
2020-04-21 | CVE-2020-11965 | Evenroute | Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. | 9.8 |
2020-04-21 | CVE-2020-11963 | Evenroute | OS Command Injection vulnerability in Evenroute Iqrouter Firmware 3.3.1 IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. | 9.8 |
2020-04-20 | CVE-2020-9279 | Dlink | Use of Hard-coded Credentials vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 9.8 |
2020-04-20 | CVE-2020-9277 | Dlink | Improper Authentication vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 9.8 |
2020-04-20 | CVE-2020-9275 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 9.8 |
2020-04-20 | CVE-2020-11928 | Davidlingren | Unspecified vulnerability in Davidlingren Media Library Assistant In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. | 9.8 |
2020-04-20 | CVE-2019-19108 | BR Automation | Use of Hard-coded Credentials vulnerability in Br-Automation Automation Studio An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP. | 9.4 |
2020-04-24 | CVE-2020-5869 | F5 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not secure by TLS and may allow on-path attackers to read / modify confidential data in transit. | 9.1 |
2020-04-23 | CVE-2018-21131 | Netgear | Unspecified vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by unauthenticated firmware downgrade. | 9.1 |
2020-04-22 | CVE-2019-19106 | ABB Busch Jaeger | Improper implementation of Access Control in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway allows an unauthorized user to access data marked as restricted, such as viewing or editing user profiles and application settings. | 9.1 |
2020-04-20 | CVE-2020-9278 | Dlink | Missing Authentication for Critical Function vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 9.1 |
2020-04-24 | CVE-2020-7131 | HP | Out-of-bounds Write vulnerability in HP products This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. | 9.0 |
185 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-24 | CVE-2020-6822 | Mozilla | Out-of-bounds Write vulnerability in Mozilla Firefox On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. | 8.8 |
2020-04-24 | CVE-2019-4750 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0 IBM Cloud App Management 2019.3.0 and 2019.4.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2020-04-24 | CVE-2017-18705 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
2020-04-24 | CVE-2017-18703 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-24 | CVE-2017-18727 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18726 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18725 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18724 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18723 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18722 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18721 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18720 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-24 | CVE-2017-18719 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18718 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18717 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18716 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18711 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
2020-04-24 | CVE-2017-18708 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear R8300 Firmware and R8500 Firmware Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-24 | CVE-2017-18731 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
2020-04-24 | CVE-2017-18730 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18729 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2017-18728 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-24 | CVE-2019-15793 | Linux Canonical | Incorrect Default Permissions vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. | 8.8 |
2020-04-23 | CVE-2018-21160 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas OS NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. | 8.8 |
2020-04-23 | CVE-2018-21138 | Netgear | Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
2020-04-23 | CVE-2018-21102 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas OS Firmware NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. | 8.8 |
2020-04-23 | CVE-2017-18739 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18738 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18737 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18736 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18735 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18734 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18733 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-23 | CVE-2017-18732 | Netgear | Improper Authentication vulnerability in Netgear Plw1000 Firmware, Plw1010 Firmware and R6300 Firmware Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-23 | CVE-2017-18751 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18750 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18749 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-23 | CVE-2017-18748 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
2020-04-23 | CVE-2017-18744 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 8.8 |
2020-04-23 | CVE-2017-18743 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-23 | CVE-2017-18742 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-23 | CVE-2020-4202 | IBM | Unspecified vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). | 8.8 |
2020-04-23 | CVE-2020-12077 | Mappresspro | Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. | 8.8 |
2020-04-23 | CVE-2020-12076 | Supsystic | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Data Tables Generator The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. | 8.8 |
2020-04-23 | CVE-2020-12075 | Supsystic | Incorrect Default Permissions vulnerability in Supsystic Data Tables Generator The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. | 8.8 |
2020-04-23 | CVE-2020-12074 | Webtoffee | Improper Privilege Management vulnerability in Webtoffee Import Export Wordpress Users The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | 8.8 |
2020-04-23 | CVE-2020-12073 | Cyberchimps | Unspecified vulnerability in Cyberchimps Gutenberg & Elementor Templates Importer for Responsive The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. | 8.8 |
2020-04-22 | CVE-2020-10892 | Foxitsoftware | Cross-Site Request Forgery (CSRF) vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 8.8 |
2020-04-22 | CVE-2020-10890 | Foxitsoftware | Cross-Site Request Forgery (CSRF) vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 8.8 |
2020-04-22 | CVE-2018-21130 | Netgear | OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2018-21128 | Netgear | Improper Authentication vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-22 | CVE-2018-21127 | Netgear | OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2020-11011 | Phproject | Unrestricted Upload of File with Dangerous Type vulnerability in PHProject In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. | 8.8 |
2020-04-22 | CVE-2017-18756 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 8.8 |
2020-04-22 | CVE-2017-18755 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-22 | CVE-2018-21126 | Netgear | OS Command Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2018-21125 | Netgear | Improper Authentication vulnerability in Netgear Wac510 Firmware 1.3.0.10 NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. | 8.8 |
2020-04-22 | CVE-2018-21124 | Netgear | Improper Privilege Management vulnerability in Netgear Wac505 Firmware and Wac510 Firmware NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escalation. | 8.8 |
2020-04-22 | CVE-2018-21123 | Netgear | Injection vulnerability in Netgear Wc7500 Firmware, Wc7520 Firmware and Wc7600 Firmware Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2018-21121 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-22 | CVE-2018-21118 | Netgear | Improper Authentication vulnerability in Netgear Xr500 Firmware 2.3.2.22 NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. | 8.8 |
2020-04-22 | CVE-2017-18768 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-22 | CVE-2017-18764 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2017-18762 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2020-8477 | ABB | Cross-site Scripting vulnerability in ABB 800Xa Information Manager The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. | 8.8 |
2020-04-22 | CVE-2018-21117 | Netgear | Unspecified vulnerability in Netgear Xr500 Firmware 2.3.2.22 NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers via the traceroute handler. | 8.8 |
2020-04-22 | CVE-2018-21116 | Netgear | Unspecified vulnerability in Netgear Xr500 Firmware 2.3.2.22 NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | 8.8 |
2020-04-22 | CVE-2018-21115 | Netgear | Improper Input Validation vulnerability in Netgear Xr500 Firmware 2.3.2.22 NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | 8.8 |
2020-04-22 | CVE-2018-21113 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. | 8.8 |
2020-04-22 | CVE-2017-18782 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-22 | CVE-2017-18781 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-22 | CVE-2017-18775 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-22 | CVE-2017-18772 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.8 |
2020-04-21 | CVE-2019-17525 | Dlink | Improper Restriction of Excessive Authentication Attempts vulnerability in Dlink Dir-615 Firmware 20.10 The login page on D-Link DIR-615 T1 20.10 devices allows remote attackers to bypass the CAPTCHA protection mechanism and conduct brute-force attacks. | 8.8 |
2020-04-21 | CVE-2017-18791 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-21 | CVE-2020-10787 | Vestacp | Unspecified vulnerability in Vestacp Vesta Control Panel An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script). | 8.8 |
2020-04-21 | CVE-2020-10786 | Vestacp | Incorrect Authorization vulnerability in Vestacp Vesta Control Panel A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. | 8.8 |
2020-04-20 | CVE-2020-9276 | Dlink | Out-of-bounds Write vulnerability in Dlink Dsl-2640B Firmware Eu4.01B An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. | 8.8 |
2020-04-20 | CVE-2020-11010 | Tortoise ORM Project | SQL Injection vulnerability in Tortoise ORM Project Tortoise ORM In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. | 8.8 |
2020-04-20 | CVE-2020-11753 | Sonatype | Incorrect Authorization vulnerability in Sonatype Nexus Repository Manager 3 3.21.1/3.22.0 An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. | 8.8 |
2020-04-20 | CVE-2017-18848 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-20 | CVE-2017-18842 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.8 |
2020-04-20 | CVE-2017-18852 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF and authentication bypass. | 8.8 |
2020-04-22 | CVE-2017-18776 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.4 |
2020-04-21 | CVE-2017-18794 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 8.4 |
2020-04-21 | CVE-2017-18792 | Netgear | Injection vulnerability in Netgear D6100 Firmware NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection. | 8.4 |
2020-04-20 | CVE-2017-18850 | Netgear | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices are affected by authentication bypass. | 8.4 |
2020-04-20 | CVE-2020-5569 | Toshiba | Unquoted Search Path or Element vulnerability in Toshiba Password Tool for Windows 1.20.6620 An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. | 8.4 |
2020-04-23 | CVE-2020-12118 | Binance | Incorrect Default Permissions vulnerability in Binance Tss-Lib 1.0.0/1.1.0/1.1.1 The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. | 8.2 |
2020-04-22 | CVE-2020-10712 | Redhat | Unspecified vulnerability in Redhat Openshift Container Platform A flaw was found in OpenShift Container Platform version 4.1 and later. | 8.2 |
2020-04-24 | CVE-2020-6820 | Mozilla | Race Condition vulnerability in Mozilla Thunderbird Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. | 8.1 |
2020-04-24 | CVE-2020-6819 | Mozilla | Use After Free vulnerability in Mozilla Thunderbird Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. | 8.1 |
2020-04-24 | CVE-2020-5870 | F5 | Missing Authentication for Critical Function vulnerability in F5 Big-Iq Centralized Management In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanisms do not use any form of authentication for connecting to the peer. | 8.1 |
2020-04-23 | CVE-2020-5867 | F5 Netapp | Download of Code Without Integrity Check vulnerability in multiple products In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages. | 8.1 |
2020-04-22 | CVE-2020-11539 | Titan | Cleartext Transmission of Sensitive Information vulnerability in Titan SF Rush Smart Band Firmware 1.12 An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. | 8.1 |
2020-04-21 | CVE-2020-1757 | Redhat | Improper Input Validation vulnerability in Redhat products A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. | 8.1 |
2020-04-23 | CVE-2018-21101 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 8.0 |
2020-04-22 | CVE-2017-18758 | Netgear | Out-of-bounds Write vulnerability in Netgear R6700 Firmware, R6800 Firmware and R6900 Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 8.0 |
2020-04-22 | CVE-2018-21120 | Netgear | Cross-Site Request Forgery (CSRF) vulnerability in Netgear products Certain NETGEAR devices are affected by CSRF. | 8.0 |
2020-04-26 | CVE-2020-12254 | Avira | Link Following vulnerability in Avira Antivirus 1.0.2303.633 Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | 7.8 |
2020-04-24 | CVE-2017-18709 | Netgear | Unspecified vulnerability in Netgear R8300 Firmware and R8500 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.8 |
2020-04-24 | CVE-2019-15792 | Linux Canonical | Type Confusion vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() calls fdget(oldfd), then without further checks passes the resulting file* into shiftfs_real_fdget(), which casts file->private_data, a void* that points to a filesystem-dependent type, to a "struct shiftfs_file_info *". | 7.8 |
2020-04-24 | CVE-2019-15791 | Linux Canonical | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. | 7.8 |
2020-04-22 | CVE-2020-7350 | Rapid7 | OS Command Injection vulnerability in Rapid7 Metasploit Rapid7 Metasploit Framework versions before 5.0.85 suffer from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. | 7.8 |
2020-04-22 | CVE-2020-10913 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Foxit Reader This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10912 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10911 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10910 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10909 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10908 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10907 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10906 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10904 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10902 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10900 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10899 | Foxitsoftware | Use After Free vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10898 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10897 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10896 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10895 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10893 | Foxitsoftware | Out-of-bounds Write vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. | 7.8 |
2020-04-22 | CVE-2020-10891 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-10889 | Foxitsoftware | Type Confusion vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. | 7.8 |
2020-04-22 | CVE-2020-7490 | Schneider Electric | Untrusted Search Path vulnerability in Schneider-Electric Vijeo Designer A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and prior) and Vijeo Designer (V6.9 SP9 and prior), which could cause arbitrary code execution on the system running Vijeo Basic when a malicious DLL library is loaded by the Product. | 7.8 |
2020-04-22 | CVE-2020-5740 | Plex | Uncontrolled Search Path Element vulnerability in Plex Media Server Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | 7.8 |
2020-04-22 | CVE-2020-8474 | ABB | Improper Privilege Management vulnerability in ABB 800Xa Base System 5.1/6.0/6.0.0 Weak Registry permissions in ABB System 800xA Base allow low privileged users to read and modify registry settings related to control system functionality, allowing an authenticated attacker to cause system functions to stop or malfunction. | 7.8 |
2020-04-22 | CVE-2017-18787 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 7.8 |
2020-04-22 | CVE-2017-18786 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 7.8 |
2020-04-22 | CVE-2017-18779 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow. | 7.8 |
2020-04-22 | CVE-2017-18777 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear products Certain NETGEAR devices are affected by administrative password disclosure. | 7.8 |
2020-04-21 | CVE-2020-8895 | Google | Untrusted Search Path vulnerability in Google Earth Untrusted Search Path vulnerability in the windows installer of Google Earth Pro versions prior to 7.3.3 allows an attacker to insert malicious local files to execute unauthenticated remote code on the targeted system. | 7.8 |
2020-04-21 | CVE-2020-11958 | Re2C Canonical | Out-of-bounds Write vulnerability in multiple products re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. | 7.8 |
2020-04-20 | CVE-2017-18837 | Netgear | Improper Privilege Management vulnerability in Netgear products Certain NETGEAR devices are affected by vertical privilege escalation. | 7.8 |
2020-04-20 | CVE-2017-18830 | Netgear | Improper Privilege Management vulnerability in Netgear products Certain NETGEAR devices are affected by vertical privilege escalation. | 7.8 |
2020-04-20 | CVE-2017-18829 | Netgear | Improper Privilege Management vulnerability in Netgear products Certain NETGEAR devices are affected by vertical privilege escalation. | 7.8 |
2020-04-20 | CVE-2017-18826 | Netgear | Improper Privilege Management vulnerability in Netgear products Certain NETGEAR devices are affected by vertical privilege escalation. | 7.8 |
2020-04-20 | CVE-2017-18822 | Netgear | Improper Privilege Management vulnerability in Netgear products Certain NETGEAR devices are affected by vertical privilege escalation. | 7.8 |
2020-04-20 | CVE-2017-18849 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 7.8 |
2020-04-20 | CVE-2017-18845 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear R6700 Firmware and R6800 Firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. | 7.8 |
2020-04-20 | CVE-2017-18844 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear D7000 Firmware, R6700 Firmware and R6800 Firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. | 7.8 |
2020-04-20 | CVE-2017-18843 | Netgear | Insufficiently Protected Credentials vulnerability in Netgear D7000 Firmware, R6700 Firmware and R6800 Firmware Certain NETGEAR devices are affected by disclosure of administrative credentials. | 7.8 |
2020-04-20 | CVE-2017-18838 | Netgear | Improper Privilege Management vulnerability in Netgear products Certain NETGEAR devices are affected by privilege escalation. | 7.8 |
2020-04-24 | CVE-2020-12070 | Advanced WOO Search | Information Exposure vulnerability in Advanced-Woo-Search Advanced WOO Search The Advanced Woo Search plugin through version 1.99 for WordPress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php. | 7.5 |
2020-04-24 | CVE-2020-11004 | Admidio | SQL Injection vulnerability in Admidio SQL Injection was discovered in Admidio before version 3.3.13. | 7.5 |
2020-04-24 | CVE-2020-6828 | Mozilla | Path Traversal vulnerability in Mozilla Firefox ESR A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. | 7.5 |
2020-04-24 | CVE-2020-6821 | Mozilla | Use of Uninitialized Resource vulnerability in Mozilla Firefox When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. | 7.5 |
2020-04-24 | CVE-2020-12128 | File Transfer Ifamily Project | Path Traversal vulnerability in File Transfer Ifamily Project File Transfer Ifamily 2.1 DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. | 7.5 |
2020-04-23 | CVE-2020-11012 | Minio | Improper Handling of Exceptional Conditions vulnerability in Minio MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. | 7.5 |
2020-04-23 | CVE-2018-21139 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 7.5 |
2020-04-23 | CVE-2020-12112 | Bigbluebutton | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | 7.5 |
2020-04-23 | CVE-2020-11940 | Ntop | Out-of-bounds Read vulnerability in Ntop Ndpi In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library. | 7.5 |
2020-04-23 | CVE-2019-9183 | Contiki OS Contiki NG | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. | 7.5 |
2020-04-23 | CVE-2020-5571 | Sharp | Information Exposure vulnerability in Sharp products SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device. | 7.5 |
2020-04-22 | CVE-2020-8867 | Opcfoundation | Insufficient Session Expiration vulnerability in Opcfoundation Unified Architecture .Net-Standard This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard 1.04.358.30. | 7.5 |
2020-04-22 | CVE-2020-11506 | Gitlab | HTTP Request Smuggling vulnerability in Gitlab An issue was discovered in GitLab 10.7.0 and later through 12.9.2. | 7.5 |
2020-04-22 | CVE-2020-11505 | Gitlab | HTTP Request Smuggling vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. | 7.5 |
2020-04-22 | CVE-2020-7488 | Schneider Electric | Cleartext Transmission of Sensitive Information vulnerability in Schneider-Electric products A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sensitive information transmitted between the software and the Modicon M218, M241, M251, and M258 controllers. | 7.5 |
2020-04-22 | CVE-2019-6859 | Schneider Electric | Use of Hard-coded Credentials vulnerability in Schneider-Electric products A CWE-798: Use of Hardcoded Credentials vulnerability exists in Modicon Controllers (All versions of the following CPUs and Communication Module product references listed in the Security Notifications), which could cause the disclosure of FTP hardcoded credentials when using the Web server of the controller on an unsecure network. | 7.5 |
2020-04-22 | CVE-2020-12066 | Teeworlds Opensuse Fedoraproject Debian Canonical | Improper Input Validation vulnerability in multiple products CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | 7.5 |
2020-04-22 | CVE-2020-11795 | Jetbrains | Insufficient Session Expiration vulnerability in Jetbrains Space In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | 7.5 |
2020-04-22 | CVE-2020-11693 | Jetbrains | Unspecified vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | 7.5 |
2020-04-22 | CVE-2020-11691 | Jetbrains | Unspecified vulnerability in Jetbrains HUB In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | 7.5 |
2020-04-22 | CVE-2020-11688 | Jetbrains | Insufficient Session Expiration vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | 7.5 |
2020-04-22 | CVE-2020-11687 | Jetbrains | Information Exposure vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.2, password values were shown in an unmasked format on several pages. | 7.5 |
2020-04-22 | CVE-2020-11685 | Jetbrains | Cleartext Transmission of Sensitive Information vulnerability in Jetbrains Goland In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | 7.5 |
2020-04-22 | CVE-2020-12059 | Linuxfoundation Canonical | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Ceph through 13.2.9. | 7.5 |
2020-04-21 | CVE-2020-12051 | Mediawiki | Unspecified vulnerability in Mediawiki The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. | 7.5 |
2020-04-21 | CVE-2020-11008 | GIT SCM Debian Canonical Fedoraproject | Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. | 7.5 |
2020-04-21 | CVE-2019-4327 | Hcltech | Use of Hard-coded Credentials vulnerability in Hcltech Appscan 9.0.3.14 "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | 7.5 |
2020-04-21 | CVE-2017-18799 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 7.5 |
2020-04-21 | CVE-2020-1699 | Linuxfoundation Redhat | Path Traversal vulnerability in multiple products A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. | 7.5 |
2020-04-21 | CVE-2019-8961 | Flexera | Uncontrolled Recursion vulnerability in Flexera Flexnet Publisher 11.16.2 A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. | 7.5 |
2020-04-21 | CVE-2019-8960 | Flexera | Improper Check for Unusual or Exceptional Conditions vulnerability in Flexera Flexnet Publisher 11.16.2 A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. | 7.5 |
2020-04-21 | CVE-2020-1967 | Openssl Debian Freebsd Fedoraproject Oracle Netapp Broadcom Opensuse Jdedwards Tenable | NULL Pointer Dereference vulnerability in multiple products Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. | 7.5 |
2020-04-21 | CVE-2020-11828 | Oppo | Use of Uninitialized Resource vulnerability in Oppo Coloros In ColorOS (the Oppo mobile phone operating system, based on AOSP; code position frameworks/native/services/surfaceflinger/surfaceflinger.cpp), the RGB value is defined on the stack but not initialized, so when the screenShot function assigns the RGB value, the uninitialized value is returned to the attacker, leaking stack information; the vulnerability can be used by attackers to bypass ASLR. | 7.5 |
2020-04-21 | CVE-2020-11968 | Evenroute | Information Exposure Through Log Files vulnerability in Evenroute Iqrouter Firmware 3.3.1 In the web-panel in IQrouter through 3.3.1, remote attackers can read system logs because of Incorrect Access Control. | 7.5 |
2020-04-21 | CVE-2020-11964 | Evenroute | Improper Authentication vulnerability in Evenroute Iqrouter Firmware 3.3.1 In IQrouter through 3.3.1, the Lua function diag_set_password in the web-panel allows remote attackers to change the root password arbitrarily. | 7.5 |
2020-04-20 | CVE-2020-11946 | Zohocorp | Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Opmanager 12.5 Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key via a servlet call. | 7.5 |
2020-04-20 | CVE-2020-3946 | Vmware | XML Entity Expansion vulnerability in VMWare Installbuilder InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). | 7.5 |
2020-04-23 | CVE-2020-5864 | F5 | Improper Certificate Validation vulnerability in F5 Nginx Controller In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | 7.4 |
2020-04-21 | CVE-2020-5268 | Sustainsys | Improper Authentication vulnerability in Sustainsys Saml2 In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. | 7.3 |
2020-04-23 | CVE-2018-21164 | Netgear | OS Command Injection vulnerability in Netgear R6220 Firmware and Wndr3700 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 7.2 |
2020-04-23 | CVE-2018-21163 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2020-04-23 | CVE-2018-21135 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2020-04-23 | CVE-2020-4311 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Tivoli Monitoring 6.3.0 IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. | 7.0 |
185 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-24 | CVE-2018-21228 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-24 | CVE-2018-21227 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-24 | CVE-2017-18699 | Netgear | Out-of-bounds Write vulnerability in Netgear R7800 Firmware and R9000 Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-24 | CVE-2017-18698 | Netgear | Out-of-bounds Write vulnerability in Netgear R6100 Firmware, R7800 Firmware and R9000 Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-24 | CVE-2017-18697 | Netgear | Out-of-bounds Write vulnerability in Netgear R7800 Firmware and R9000 Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-24 | CVE-2017-18707 | Netgear | Classic Buffer Overflow vulnerability in Netgear R8300 Firmware and R8500 Firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21110 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21109 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21108 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21107 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21106 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21105 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21104 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-23 | CVE-2018-21103 | Netgear | OS Command Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | 6.8 |
2020-04-22 | CVE-2018-21151 | Netgear | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-22 | CVE-2018-21150 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-22 | CVE-2017-18754 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-22 | CVE-2018-21119 | Netgear | Injection vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-22 | CVE-2017-18767 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-22 | CVE-2017-18761 | Netgear | Out-of-bounds Write vulnerability in Netgear R8000 Firmware NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-22 | CVE-2017-18759 | Netgear | Out-of-bounds Write vulnerability in Netgear R8300 Firmware and R8500 Firmware Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-22 | CVE-2018-21114 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-22 | CVE-2018-21112 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-22 | CVE-2018-21111 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-22 | CVE-2017-18770 | Netgear | Classic Buffer Overflow vulnerability in Netgear Plw1000 Firmware, Plw1010 Firmware and R7800 Firmware Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. | 6.8 |
2020-04-21 | CVE-2018-21148 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-21 | CVE-2018-21147 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-21 | CVE-2018-21146 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.8 |
2020-04-21 | CVE-2018-21145 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-21 | CVE-2018-21144 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 6.8 |
2020-04-24 | CVE-2019-15794 | Linux Canonical | Operation on a Resource after Expiration or Release vulnerability in multiple products Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. | 6.7 |
2020-04-23 | CVE-2019-17101 | Netatmo | Command Injection vulnerability in Netatmo Smart Indoor Camera Firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in firmware versions prior to x.xx of Netatmo Smart Indoor Camera allows an attacker to execute commands on the device. | 6.7 |
2020-04-23 | CVE-2020-8797 | Juplink | OS Command Injection vulnerability in Juplink Rx4-1500 Firmware 1.0.3 Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin from the local network. | 6.7 |
2020-04-22 | CVE-2017-18773 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
2020-04-22 | CVE-2017-18788 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
2020-04-21 | CVE-2017-18801 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18796 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18795 | Netgear | Injection vulnerability in Netgear D6100 Firmware and D6220 Firmware Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18793 | Netgear | Injection vulnerability in Netgear R7800 Firmware NETGEAR R7800 devices before 1.0.2.36 are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18805 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18804 | Netgear | Injection vulnerability in Netgear R7800 Firmware and R9000 Firmware Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18802 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-21 | CVE-2017-18806 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-20 | CVE-2017-18846 | Netgear | Out-of-bounds Write vulnerability in Netgear products Certain NETGEAR devices are affected by a stack-based buffer overflow. | 6.7 |
2020-04-20 | CVE-2017-18841 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection. | 6.7 |
2020-04-20 | CVE-2017-18851 | Netgear | Injection vulnerability in Netgear products Certain NETGEAR devices are affected by command injection by an authenticated user. | 6.7 |
2020-04-24 | CVE-2020-7134 | HP | Unspecified vulnerability in HP HPE IOT + GCP A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1, 1.4.2, 1.2.4.2. | 6.5 |
2020-04-24 | CVE-2020-4267 | IBM | Memory Leak vulnerability in IBM MQ and MQ Appliance IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user to cause a denial of service due to a memory leak. | 6.5 |
2020-04-24 | CVE-2018-21229 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-24 | CVE-2017-18704 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 6.5 |
2020-04-24 | CVE-2017-18714 | Netgear | Unspecified vulnerability in Netgear Wndr4500 Firmware NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of service. | 6.5 |
2020-04-24 | CVE-2017-18713 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 6.5 |
2020-04-24 | CVE-2017-18712 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 6.5 |
2020-04-24 | CVE-2017-18706 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-23 | CVE-2017-18747 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-23 | CVE-2017-18746 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-23 | CVE-2017-18741 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-22 | CVE-2020-1983 | Libslirp Project Fedoraproject Debian Opensuse Canonical | Use After Free vulnerability in multiple products A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | 6.5 |
2020-04-22 | CVE-2020-11649 | Gitlab | Missing Authentication for Critical Function vulnerability in Gitlab An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. | 6.5 |
2020-04-22 | CVE-2018-21129 | Netgear | Information Exposure vulnerability in Netgear Wac505 Firmware and Wac510 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 6.5 |
2020-04-22 | CVE-2017-18752 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 6.5 |
2020-04-22 | CVE-2018-21122 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 6.5 |
2020-04-22 | CVE-2017-18766 | Netgear | Information Exposure vulnerability in Netgear Dst6501 Firmware and Wnr2000 Firmware Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 6.5 |
2020-04-22 | CVE-2017-18765 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 6.5 |
2020-04-22 | CVE-2017-18763 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-22 | CVE-2020-4085 | Hcltech | Information Exposure Through an Error Message vulnerability in Hcltech Connections 5.5/6.0/6.5 HCL Connections is vulnerable to possible information leakage and could disclose sensitive information via stack trace to a local user. | 6.5 |
2020-04-22 | CVE-2020-11689 | Jetbrains | Incorrect Default Permissions vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.1, a user without appropriate permissions was able to import settings from the settings.kts file. | 6.5 |
2020-04-21 | CVE-2018-21143 | Netgear | Information Exposure vulnerability in Netgear Gs810Emx Firmware NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information. | 6.5 |
2020-04-21 | CVE-2018-21140 | Netgear | Improper Input Validation vulnerability in Netgear D3600 Firmware and D6000 Firmware Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.5 |
2020-04-20 | CVE-2020-5293 | Prestashop | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. | 6.5 |
2020-04-20 | CVE-2020-5288 | Prestashop | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on the product attributes page. | 6.5 |
2020-04-20 | CVE-2020-5287 | Prestashop | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. | 6.5 |
2020-04-20 | CVE-2020-5279 | Prestashop | Incorrect Authorization vulnerability in Prestashop In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there is improper access control since version 1.5.0.0 for legacy controllers. | 6.5 |
2020-04-23 | CVE-2017-18740 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.3 |
2020-04-21 | CVE-2017-18798 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 6.2 |
2020-04-21 | CVE-2017-18797 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 6.2 |
2020-04-21 | CVE-2017-18790 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 6.2 |
2020-04-21 | CVE-2017-18803 | Netgear | Improper Input Validation vulnerability in Netgear R7800 Firmware 1.0.1.30/1.0.2.16/1.0.2.28 NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. | 6.2 |
2020-04-21 | CVE-2020-8099 | Bitdefender | Link Following vulnerability in Bitdefender Antivirus 2020 1.0.15.138 A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. | 6.2 |
2020-04-20 | CVE-2017-18836 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 6.2 |
2020-04-20 | CVE-2017-18840 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 6.2 |
2020-04-24 | CVE-2020-6213 | SAP | Cross-site Scripting vulnerability in SAP Netweaver AS Abap Business Server Pages SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_PHTMLB, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, is vulnerable to reflected Cross-Site Scripting (XSS) via different URL parameters as it does not sufficiently encode user controlled inputs. | 6.1 |
2020-04-24 | CVE-2020-12245 | Grafana | Cross-site Scripting vulnerability in Grafana Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. | 6.1 |
2020-04-24 | CVE-2017-18701 | Netgear | Cross-site Scripting vulnerability in Netgear R6700 Firmware and R6900 Firmware Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-24 | CVE-2017-18700 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 6.1 |
2020-04-24 | CVE-2017-18715 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-24 | CVE-2020-12137 | GNU Debian Fedoraproject Canonical Opensuse | Cross-site Scripting vulnerability in multiple products GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. | 6.1 |
2020-04-24 | CVE-2020-12132 | Fifthplay | Cross-site Scripting vulnerability in Fifthplay S.A.M.I 2019.3Hp Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS via a POST request. | 6.1 |
2020-04-24 | CVE-2020-12131 | App2Pro | Cross-site Scripting vulnerability in App2Pro Airdisk PRO 5.5.3 The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parameter (shown next to the UI logo). | 6.1 |
2020-04-24 | CVE-2020-12130 | App2Pro | Cross-site Scripting vulnerability in App2Pro Airdisk PRO 5.5.3 The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parameter of the Delete function. | 6.1 |
2020-04-24 | CVE-2020-12129 | App2Pro | Cross-site Scripting vulnerability in App2Pro Airdisk PRO 5.5.3 The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function. | 6.1 |
2020-04-23 | CVE-2020-12113 | Bigbluebutton | Cross-site Scripting vulnerability in Bigbluebutton BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used. | 6.1 |
2020-04-23 | CVE-2017-18745 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 6.1 |
2020-04-23 | CVE-2020-1760 | Linuxfoundation Redhat Fedoraproject Canonical Debian | Cross-site Scripting vulnerability in multiple products A flaw was found in the Ceph Object Gateway, where it supports request sent by an anonymous user in Amazon S3. | 6.1 |
2020-04-23 | CVE-2020-12054 | Catchplugins | Cross-site Scripting vulnerability in Catchplugins Catch Breadcrumb The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query). | 6.1 |
2020-04-22 | CVE-2018-18405 | Jquery | Cross-site Scripting vulnerability in Jquery 2.2.2 jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. | 6.1 |
2020-04-22 | CVE-2017-18784 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by XSS. | 6.1 |
2020-04-22 | CVE-2017-18783 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by XSS. | 6.1 |
2020-04-22 | CVE-2019-20102 | Atlassian | Cross-site Scripting vulnerability in Atlassian Confluence Server The attachment-uploading feature in Atlassian Confluence Server from version 6.14.0 through version 6.14.3, and version 6.15.0 before version 6.15.5 allows remote attackers to achieve stored cross-site scripting (SXSS) via a malicious attachment with a modified `mimeType` parameter. | 6.1 |
2020-04-21 | CVE-2017-18800 | Netgear | Cross-site Scripting vulnerability in Netgear R6700 Firmware and R6800 Firmware Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-20 | CVE-2020-11944 | Bitcoin ABE Project | Cross-site Scripting vulnerability in Bitcoin-Abe Project Bitcoin-Abe Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception. | 6.1 |
2020-04-20 | CVE-2020-9445 | Zulip | Cross-site Scripting vulnerability in Zulip Server Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | 6.1 |
2020-04-20 | CVE-2020-9444 | Zulip | Improper Restriction of Rendered UI Layers or Frames vulnerability in Zulip Server Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | 6.1 |
2020-04-20 | CVE-2020-5286 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflected XSS when uploading a wrong file. | 6.1 |
2020-04-20 | CVE-2020-5285 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflected XSS with `back` parameter. | 6.1 |
2020-04-20 | CVE-2020-5278 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflected XSS on the Exception page. The problem is fixed in 1.7.6.5. | 6.1 |
2020-04-20 | CVE-2020-5276 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflected XSS on the AdminCarts page with the `cartBox` parameter. The problem is fixed in 1.7.6.5. | 6.1 |
2020-04-20 | CVE-2020-5272 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflected XSS on Search page with `alias` and `search` parameters. | 6.1 |
2020-04-20 | CVE-2020-5271 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with the `date_from` and `date_to` parameters in the dashboard page. This problem is fixed in 1.7.6.5. | 6.1 |
2020-04-20 | CVE-2020-5270 | Prestashop | Open Redirect vulnerability in Prestashop In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. | 6.1 |
2020-04-20 | CVE-2020-5269 | Prestashop | Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4 In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminFeatures page by using the `id_feature` parameter. | 6.1 |
2020-04-20 | CVE-2020-5265 | Prestashop | Cross-site Scripting vulnerability in Prestashop 1.7.6.2/1.7.6.3/1.7.6.4 In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflected XSS on AdminAttributesGroups page. | 6.1 |
2020-04-20 | CVE-2020-5264 | Prestashop | Cross-site Scripting vulnerability in Prestashop In PrestaShop before version 1.7.6.5, there is a reflected XSS while running the security compromised page. | 6.1 |
2020-04-20 | CVE-2017-18835 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-20 | CVE-2017-18834 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-20 | CVE-2017-18833 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by reflected XSS. | 6.1 |
2020-04-20 | CVE-2020-11888 | Python Markdown2 Project | Cross-site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2 python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. | 6.1 |
2020-04-20 | CVE-2020-11930 | Gtranslate | Cross-site Scripting vulnerability in Gtranslate Translate Wordpress With Gtranslate The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. | 6.1 |
2020-04-24 | CVE-2020-1741 | Redhat | Unspecified vulnerability in Redhat Openshift Container Platform 3.11 A flaw was found in openshift-ansible. | 5.9 |
2020-04-23 | CVE-2020-12105 | Infradead Opensuse | Improper Handling of Exceptional Conditions vulnerability in multiple products OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. | 5.9 |
2020-04-23 | CVE-2020-11806 | Mailstore | Improper Certificate Validation vulnerability in Mailstore Server In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. | 5.9 |
2020-04-24 | CVE-2020-12135 | Whoopsie Project Mongodb | Integer Overflow or Wraparound vulnerability in multiple products bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. | 5.5 |
2020-04-23 | CVE-2020-8798 | Juplink | Incorrect Default Permissions vulnerability in Juplink Rx4-1500 Firmware 1.0.3/1.0.4/1.0.5 httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network. | 5.5 |
2020-04-23 | CVE-2020-5866 | F5 | Information Exposure vulnerability in F5 Nginx Controller In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. | 5.5 |
2020-04-23 | CVE-2019-4668 | IBM | Insufficiently Protected Credentials vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in clear text, which can be read by a local user. | 5.5 |
2020-04-22 | CVE-2020-8831 | Canonical Apport Project | Link Following vulnerability in multiple products Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. | 5.5 |
2020-04-22 | CVE-2019-19107 | ABB Busch Jaeger | Cleartext Transmission of Sensitive Information vulnerability in multiple products The Configuration pages in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway for user profiles and services transfer the password in plaintext (although hidden when displayed). | 5.5 |
2020-04-22 | CVE-2019-19105 | ABB Busch Jaeger | Insufficiently Protected Credentials vulnerability in multiple products The backup function in ABB Telephone Gateway TG/S 3.2 and Busch-Jaeger 6186/11 Telefon-Gateway saves the current settings and configuration of the application, including credentials of existing user accounts and other configuration's credentials in plaintext. | 5.5 |
2020-04-22 | CVE-2017-18780 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 5.5 |
2020-04-22 | CVE-2017-18778 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 5.5 |
2020-04-22 | CVE-2017-18789 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by disclosure of sensitive information. | 5.5 |
2020-04-20 | CVE-2020-9070 | Huawei | Improper Authentication vulnerability in Huawei Taurus-Al00B Firmware 10.0.0.133(C00E132R5P1)/10.0.0.203(C00E201R7P2)/10.0.0.41(Sp2C00E41R3P2) Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205(C00E201R7P2) have an improper authentication vulnerability. | 5.5 |
2020-04-20 | CVE-2017-18823 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 5.5 |
2020-04-20 | CVE-2017-18847 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 5.5 |
2020-04-24 | CVE-2020-6212 | SAP | Missing Authorization vulnerability in SAP ERP and S/4Hana Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check. | 5.4 |
2020-04-24 | CVE-2018-21231 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 5.4 |
2020-04-24 | CVE-2018-21230 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 5.4 |
2020-04-24 | CVE-2017-18702 | Netgear | Unspecified vulnerability in Netgear R6220 Firmware 1.1.0.46/1.1.0.50 NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings. | 5.4 |
2020-04-23 | CVE-2020-7132 | HP | Cross-site Scripting vulnerability in HP Onboard Administrator 4.85 A potential security vulnerability has been identified in HPE Onboard Administrator. | 5.4 |
2020-04-22 | CVE-2017-18757 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by incorrect configuration of security settings. | 5.4 |
2020-04-22 | CVE-2020-7642 | Lazysizes Project | Cross-site Scripting vulnerability in Lazysizes Project Lazysizes lazysizes through 5.2.0 allows execution of malicious JavaScript. | 5.4 |
2020-04-22 | CVE-2020-11416 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Space JetBrains Space through 2020-04-22 allows stored XSS in Chats. | 5.4 |
2020-04-20 | CVE-2020-10935 | Zulip | Cross-site Scripting vulnerability in Zulip Server Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. | 5.4 |
2020-04-24 | CVE-2019-4751 | IBM | Information Exposure vulnerability in IBM Cloud APP Management 2019.3.0/2019.4.0 IBM Cloud App Management 2019.3.0 and 2019.4.0 reveals a stack trace on certain API requests which can allow an attacker further information about the implementation of the offering. | 5.3 |
2020-04-24 | CVE-2020-12063 | Postfix | Unspecified vulnerability in Postfix 2.10.1 A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. | 5.3 |
2020-04-23 | CVE-2020-7643 | Idea | Unspecified vulnerability in Idea Paypal-Adaptive paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. | 5.3 |
2020-04-21 | CVE-2020-11891 | Joomla | Unspecified vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.17. | 5.3 |
2020-04-21 | CVE-2020-11890 | Joomla | Improper Input Validation vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.17. | 5.3 |
2020-04-21 | CVE-2020-11889 | Joomla | Unspecified vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.9.17. | 5.3 |
2020-04-20 | CVE-2020-1803 | Huawei | Improper Authentication vulnerability in Huawei Honor V20 Firmware Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. | 5.3 |
2020-04-24 | CVE-2020-11013 | Helm | Information Exposure vulnerability in Helm There is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. | 5.0 |
2020-04-23 | CVE-2018-21166 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 4.9 |
2020-04-23 | CVE-2018-21165 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 4.9 |
2020-04-23 | CVE-2018-21142 | Netgear | Unspecified vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 4.9 |
2020-04-22 | CVE-2020-11938 | Jetbrains | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator was able to see scrambled password parameters used in a project. | 4.9 |
2020-04-26 | CVE-2019-20789 | Croogo | Cross-site Scripting vulnerability in Croogo Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or admin/taxonomy/vocabularies. | 4.8 |
2020-04-23 | CVE-2020-5865 | F5 Netapp | Cleartext Transmission of Sensitive Information vulnerability in multiple products In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. | 4.8 |
2020-04-23 | CVE-2020-12071 | Anchorcms | Cross-site Scripting vulnerability in Anchorcms Anchor 0.12.7 Anchor 0.12.7 allows admins to cause XSS via crafted post content. | 4.8 |
2020-04-22 | CVE-2017-18785 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by XSS. | 4.8 |
2020-04-21 | CVE-2017-18809 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18807 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18820 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18816 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18815 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18814 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18813 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18812 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18811 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18810 | Netgear | Cross-site Scripting vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. | 4.8 |
2020-04-21 | CVE-2017-18821 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-20 | CVE-2017-18832 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-20 | CVE-2017-18831 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-20 | CVE-2017-18828 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-20 | CVE-2017-18827 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-20 | CVE-2017-18825 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-20 | CVE-2017-18839 | Netgear | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
2020-04-24 | CVE-2020-6827 | Mozilla | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox ESR When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. | 4.7 |
2020-04-22 | CVE-2020-8833 | Canonical Apport Project | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. | 4.7 |
2020-04-23 | CVE-2018-21136 | Netgear | Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 4.6 |
2020-04-23 | CVE-2020-4353 | IBM | Unspecified vulnerability in IBM Maas360 3.96.62/6.82 IBM MaaS360 6.82 could allow a user with physical access to the device to crash the application, which may enable the user to access restricted applications and device settings. | 4.6 |
2020-04-23 | CVE-2019-4735 | IBM | Unspecified vulnerability in IBM Maas360 3.96.62 IBM MaaS360 3.96.62 for iOS could allow an attacker with physical access to the device to obtain sensitive information from the agent outside of the container. | 4.6 |
2020-04-22 | CVE-2017-18769 | Netgear | Information Exposure vulnerability in Netgear products Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. | 4.6 |
2020-04-21 | CVE-2018-21141 | Netgear | Improper Input Validation vulnerability in Netgear products Certain NETGEAR devices are affected by denial of service. | 4.5 |
2020-04-24 | CVE-2017-18710 | Netgear | Information Exposure vulnerability in Netgear R8300 Firmware and R8500 Firmware Certain NETGEAR devices are affected by disclosure of sensitive information. | 4.3 |
2020-04-21 | CVE-2017-18808 | Netgear | Unspecified vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. | 4.2 |
10 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-04-22 | CVE-2020-10905 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. | 3.3 |
2020-04-22 | CVE-2020-10903 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. | 3.3 |
2020-04-22 | CVE-2020-10901 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. | 3.3 |
2020-04-22 | CVE-2020-10894 | Foxitsoftware | Out-of-bounds Read vulnerability in Foxitsoftware Phantompdf This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. | 3.3 |
2020-04-21 | CVE-2017-18819 | Netgear | Unspecified vulnerability in Netgear Readynas OS NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. | 3.3 |
2020-04-20 | CVE-2017-18824 | Netgear | Path Traversal vulnerability in Netgear products Certain NETGEAR devices are affected by directory traversal. | 3.3 |
2020-04-21 | CVE-2020-5301 | Simplesamlphp | Improper Handling of Case Sensitivity vulnerability in Simplesamlphp SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. | 3.1 |
2020-04-24 | CVE-2020-6824 | Mozilla | Session Fixation vulnerability in Mozilla Firefox Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. | 2.8 |
2020-04-22 | CVE-2020-11692 | Jetbrains | Incorrect Default Permissions vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.1.659, DB export was accessible to read-only administrators. | 2.7 |
2020-04-22 | CVE-2020-11686 | Jetbrains | Unspecified vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. | 2.7 |